Executive Order on Improving the Nation’s Cybersecurity issued following Colonial Pipeline Ransomware Attack


By: Caitlin Tubbesing

On the heels of the May 7th ransomware attack on Colonial Pipeline—resulting in a temporary shutdown of its 5,5000 mile pipeline system carrying 45% of the East Coast’s fuel supply— President Biden issued an Executive Order aimed at modernizing and improving the country’s defenses against these ever-increasing and malicious cyberattacks. The Order was originally drawn up following the SolarWinds “supply chain” attack, which exposed significant gaps in American cyber defenses in both the public and private sectors.

Although the Order does not specifically address critical infrastructure systems like oil and gas pipelines, power, and water, it directs the Commerce Department’s National Institute of Standards and Technology (NIST) to publish cybersecurity guidelines for supply-chain security, and standards for private companies selling software services to the government. Other provisions in the 34-page Order:

  • direct government agencies to move to secure cloud services and a zero-trust architecture, including a mandate to deploy multifactor authentication and encryption;
  • require IT government contractors to report data breaches posing a potential danger to federal networks to the Office of Management and Budget and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) within three days;
  • urges the creation of a standardized playbook and set of definitions for cyber incident response by federal departments and agencies;
  • calls for the formation of a Cybersecurity Safety Review Board, similar to the National Transportation Safety Board, that will study and report how significant breaches occurred; and
  • seeks a national labeling system for software programs that will give consumers information regarding the security level.

The hope is that these measures will not only enable the government to more effective defend against and respond to breaches as they occur, but also that these measures will have a ripple effect in the private sector and critical infrastructure and improve national and global cybersecurity as a whole.  To that end, the White House has urged private sector companies to follow the federal government’s lead and to make necessary investments in cybersecurity and implement ambitious measures to minimize future cyberattacks.

For more information, please contact Caitlin Tubbesing at