President Biden has signed a cybersecurity executive order focused on improving the nation's cyber stance, threat intelligence sharing, and cyberattack response efforts.
The executive order has specific implications for IT service providers that work with the U.S. federal government. In fact, the order specifically mentions various types of IT service providers 15 times.
The executive order is the latest step by the Biden administration to strengthen the country's overall cyber posture, while has faced repeated attacks from nation-sponsored adversaries and various hacker groups.
The executive order, among other things, includes steps that strive to:
- Remove Barriers to Sharing Threat Information.
- Modernize Federal Government Cybersecurity.
- Enhance Software Supply Chain Security.
- Establish a Cyber Safety Review Board.
- Standardize the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents.
- Improve Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks.
- Improve the Federal Government’s Investigative and Remediation Capabilities.
An associated goal is to speed cyber incident information sharing between IT service providers, cloud service providers, software companies and various federal government agencies -- including the CISA (Cybersecurity and Infrastructure Security Agency).
Cybersecurity Executive Order: Emerging IT Service Provider Requirements
So where do IT service providers fit into the conversation?
- One executive order priority involves updating federal IT services contracts to ensure that IT service providers: "collect and preserve data, information, and reporting relevant to cybersecurity event prevention, detection, response, and investigation on all information systems over which they have control, including systems operated on behalf of agencies, consistent with agencies’ requirements."
- Moreover, the federal IT service contracts should ensure that: "service providers share such data, information, and reporting, as they relate to cyber incidents or potential incidents relevant to any agency with which they have contracted, directly with such agency and any other agency that the Director of OMB, in consultation with the Secretary of Defense, the Attorney General, the Secretary of Homeland Security, and the Director of National Intelligence, deems appropriate, consistent with applicable privacy laws, regulations, and policies.
- In terms of detecting and reporting cyber incidents, IT service providers that work with the federal government will also need to: "collaborate with Federal cybersecurity or investigative agencies in their investigations of and responses to incidents or potential incidents on Federal Information Systems, including by implementing technical capabilities, such as monitoring networks for threats in collaboration with agencies they support, as needed."
- If an incident happens, IT service providers will need to "share cyber threat and incident information with agencies, doing so, where possible, in industry-recognized formats for incident response and remediation."
Executive Order Includes Cybersecurity Deadlines
The executive order also included specific cyber deadlines for the federal government and IT service providers, stating:
"Within 120 days of the date of this order, the Secretary of Homeland Security and the Director of OMB shall take appropriate steps to ensure to the greatest extent possible that service providers share data with agencies, CISA, and the FBI as may be necessary for the Federal Government to respond to cyber threats, incidents, and risks."
Information and communications technology (ICT) service providers were also spotlighted in the executive order. For example:
- ICT Service Providers entering into contracts with agencies "must promptly report to such agencies when they discover a cyber incident involving a software product or service provided to such agencies or involving a support system for a software product or service provided to such agencies;" and
- ICT Service Providers must also "directly report to CISA whenever they report under subsection (f)(i) of this section to Federal Civilian Executive Branch (FCEB) Agencies, and CISA must centrally collect and manage such information."
U.S. Infrastructure Suffers From Cyberattacks
That's just a sampling of the overall executive order, which comes the same week that Colonial Pipeline is striving to recover from a DarkSide ransomware attack. The attack forced the company to shut down a massive fuel pipeline that stretches from Texas to New Jersey.
Colonial Pipeline is investigating the incident with help from the federal government and FireEye, according to reports. At the same time, a gradual pipeline restart began on Wednesday evening, May 12.