By Chloe Albanesius at pcmag.com
May 13, 2021 - Among other things, a Wednesday executive order creates a pilot program to create an ‘energy star’ type of label so the feds and the public can quickly determine whether software was developed securely, the White House says.
In the wake of several high-profile cyberattacks, President Biden on Wednesday signed an executive order that, among other things, calls for tighter IT security across federal agencies, labels on software that give consumers a better idea of built-in security features, and a review board that admin officials likened to a National Transportation Safety Board for cybersecurity.
The executive order “reflects a fundamental shift in our mindset — from incident response to prevention, from talking about security to doing security — setting aggressive but achievable goals to make the federal government a leader in cybersecurity, and improve software security and incident response,” according to senior administration officials.
Government-Wide Two-Factor Authentication
Ransomware attacks like the one that temporarily crippled Colonial Pipeline this week are often executed by malware that steals login credentials. That’s harder to do (though not impossible) if two-factor authentication is enabled, as attackers need more than a password to gain access. So this EO requires federal agencies to adopt multi-factor authentication within 180 days, as well as encryption for data at rest and in transit.
“Following the SolarWinds incident response, we were confronted by the hard truth that some of the most basic cybersecurity prevention and response measures were not systemically rolled out across federal agencies,” a senior administration official said this week.