Logo

President Biden on Wednesday signed an executive order intended to improve US cybersecurity after the hack of the Colonial Pipeline caused massive disruption to the US fuel market.

The order establishes a new multiagency Cybersecurity Safety Review Board to review incidents and mandates that federal systems log cybersecurity incidents and use multifactor authentication and stronger encryption.

The order also eliminates “any contractual barriers” to IT service provides informing the government of breaches and “requir[es] providers to share breach information that could impact Government networks,” according to a White House fact sheet.

The order also seeks to mandate new “baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available,” the fact sheet says.

Although US government involvement with communications firms makes civil libertarians and some privacy-minded technologists uneasy, Biden administration officials insisted that the changes will benefit the public.

An administration official told reporters that the government’s establishment of baseline standards will improve the software that everyone uses.

“Right now, there’s no way to assess security in the market so there’s no way to say, you know, pay a little more to incentivize the market,” the official said.

The same official said that the new cybersecurity review board would start off with an initial assignment of investigating the recent SolarWinds hack that impacted government systems.


  Colonial Pipeline was reportedly attacked by a criminal organization known as DarkSide. Photo by LOGAN CYRUS/AFP via Getty Images Colonial Pipeline was reportedly attacked by a criminal organization known as DarkSide. Photo by LOGAN CYRUS/AFP via Getty Images

The review board will be housed at the Department of Homeland Security and co-chaired by the DHS secretary and a private sector leader, who will change for each incident review.

Government entities on the board will include the Justice Department, the Defense Department and the National Security Agency, which faced criticism for mass-collecting domestic communications records under secret court orders exposed in 2013.

New cyber standards, meanwhile, will be drafted by the Cybersecurity and Infrastructure Security Agency.

“CISA will be leading an effort to really solidify those details and define the rules and what needs to be shared for specific incidents, but it needs to be shared on specific timelines on a sliding scale based on the severity of the incident,” the official said.

The official said that although the executive order is being announced amid the pipeline fiasco, it has been in the works since “week two of the administration..”

The Colonial Pipeline, which carries fuel north from the Gulf Coast, reopened Wednesday evening after it was shut down over the weekend in response to the a ransomware hack. The impact worsened Tuesday and Wednesday as gas stations from Florida to Maryland sold out.

The national gas price average surged to a seven-year high due to the crisis.


  A couple stocking up on gas amid the cyberattack on Colonial Pipeline on May 12, 2021. REUTERS/Octavio Jones A couple stocking up on gas amid the cyberattack on Colonial Pipeline on May 12, 2021. REUTERS/Octavio Jones

Biden told reporters at the White House that “I have in the meantime made it easier for us to lift some of the restrictions on the transportation of fuel, as well as access to the United States military providing fuel and with vehicles to get it there.”

But those mitigation efforts made no significant dent in the crisis.

Patrick DeHaan, head of petroleum analysis at Gas Buddy, reported Wednesday afternoon that 68 percent of gas stations in North Carolina ran out of supplies. The figure was 49 percent in Virginia and about 45 percent in both Georgia and South Carolina.

Biden told reporters he believes the crisis shows in part that “we have to make a greater investment in education as a relates to be able to train and graduate more people proficient in cyber security.”

The Biden administration hasn’t said if the company paid a ransom to hackers, who are believed to be located in Russia.

Comments
anonymous profile image
Powered by RoundtableBuilt on infrastructure designed for real-time media. Learn more at RTB.io.© Roundtable 2026. By using this site you agree to the Terms of Use and Privacy Policy