Biden ordered tightening of cyber-defenses after colonial hack
President Joe Biden signed an executive order to improve US cyber-defenses after the recent attacks.
The exact order has strict deadlines for all government departments to fulfill the order and tighten security.
It came after the US had to deal with a hack on the country’s most extensive pipeline that has experienced fuel shortages resulted from the panic of buying across some states.
Colonial Pipeline said that it had restarted its pumps, but it would take several days for fuel supplies to return to normal.
The company said that some markets that Colonial Pipeline serves might experience intermittent service interruptions during this period.
They added that Colonial would move as much diesel, gasoline, and jet fuel as possible in terms of safety. And it will continue to do its best until markets return to normal.
On Friday, ransomware group Darkside attacked the company, which was forced to take operations offline.
The pipeline that is 5,000-mile supplies 46% of the jet fuel and petrol needs of the east coast of the US.
This event produced a panic of buying in several states that led the US Consumer Product Safety Commission to announce a Twitter. The tweet was addressing people saying that they should not pour gasoline in plastic bags.
The order that President Biden released was not explicitly written in response to the latest cyber attack on pipes. Still, it is understood as it is delayed to take it into account.
SolarWinds cyber-espionage campaign, which was discovered back in 2020, initially prompted it.
Reactions to the attack
This event is considered one of the worst cyberattacks in history, involving cyberspies accessing emails and networks across several US government departments.
The US and UK authorities have blamed the Russian government.
The order is wide-ranging that requires all government departments within 180 days to adopt multi-factor identification log-in systems. They have to accelerate moves to so-called zero trust and cloud frameworks. They have to designate every unclassified data that is too sensitive to keep in regular networks storages. They also need to conduct more thorough reviews of critical software suppliers.
It also emphasizes private cyber-security companies improving their defenses and more transparency about when they experience attacks.
The order also states that cyber-security vendors require to report intrusions within 72 hours after the discovery.
The former leader of the US Cybersecurity and Infrastructure Security Agency Chris Krebs, tweeted that it is an achievable and ambitious work plan to improve the security of US government networks.
