After a ransomware attack targeted the 5,500-mile Colonial Pipeline in early May, triggering panic-buying among consumers and fuel shortages throughout the Southeast, President Biden issued an executive order on May 10 aimed at improving cybersecurity.
“The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy,” Biden said in a statement. “The Federal Government must improve its efforts to identify, deter, protect against and respond to these actions and actors.”
The executive order came too late to prevent the $5 million ransom that, according to Bloomberg and NBC News, Colonial Pipeline's owners paid, and it underscored the vulnerability of U.S. public and private infrastructure to online criminals.
While Colonial is a private firm, government entities have been targeted by hackers, too. Russian intelligence forces were linked to the penetration in early 2020 of SolarWinds, a firm whose compromised software led hackers into 100 top U.S. companies and a dozen government agencies. The intruders roamed with unrestricted electronic access for months, officials acknowledged.
The order “targets persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” In addition, the order establishes a Cyber Incident Review Board that will convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity going forward.
The Cyber Incident Review Board will have a private sector co-chair, reflecting the administration’s focus on bringing in and partnering with the private sector on cybersecurity.
A Biden administration official said in response to the issuing of the executive order that these incidents share one thing in common: a laissez-faire attitude towards cybersecurity.
“And we simply cannot let ‘waiting for the next incident to happen’ to be the status quo under which we operate.”
A second commonality among these incidents is poor software security, and the current market development of “build, sell, and maybe patch later,” said the official.
They said the nation routinely installs software with significant vulnerabilities into some of its most critical systems and infrastructure.
These systems manage water, traffic on the road and in the air, power and other necessities for Americans. If they were to be attacked, the outcome could be catastrophic.
Cyberattacks aren’t just a federal issue; they are also hitting the private sector, healthcare and local government branches like D.C.’s Metropolitan Police Department, which was a victim last week of a ransomware attack.
The Babuk group, a foreign online gang reportedly responsible for the attack, asked for $4 million in exchange for not releasing sensitive police information, such as the names of informants. There were no reports on where negotiations between the police, the FBI and the group stood as of Monday, May 17.