Executive Order on Cybersecurity Expands Mandatory Breach Notification and Supply Chain Security Requirements for Government Contractors

by Tina D. Reynolds, Alex Iftimie, and Sandeep N. Nandivada

On May 12, 2021, the Biden administration issued an ambitious Executive Order on Improving the Nation’s Cybersecurity (EO) declaring the prevention, detection, assessment, and remediation of cyber incidents to be a “top priority and essential to national and economic security.” Over 8,000 words long, the EO establishes a series of initiatives designed to better equip the U.S. federal government to respond to cybersecurity threats.  The most notable provisions of the EO are as follows:

  • It sets in motion changes to federal contracts that will add breach notification and information sharing requirements for government service providers and remove existing contractual barriers to threat information sharing by the private sector;
  • It establishes baseline security standards for the development of software sold to the government by all commercial suppliers; and
  • It provides minimum cybersecurity requirements for federal agencies, like the use of multifactor authentication and encryption, and helps to move the federal government toward secure cloud services and zero-trust architecture.

The EO reflects the government’s heightened concerns about cyber threats, particularly following the SolarWinds, Microsoft Exchange, and Colonial Pipeline incidents.  It also reflects the Administration’s efforts to leverage the buying power of the federal government to incentivize the software market to build security into the software development lifecycle, and to expand and enhance the information sharing between the private sector and the government.