Biden pledged back in April to take necessary steps toward securing U.S. cyber-infrastructure and preventing future security breaches such as the 2020 SolarWinds hack. The New York Times reported Sunday night, however, that some officials and lawmakers involved in the drafting of the order have expressed concerns about its ability to prevent breaches like the ransomware attack that shattered the Colonial Pipeline over the weekend.
According to a draft reviewed by the newspaper, the order standardizes basic cybersecurity practices, such as two-factor authentication, at all federal agencies and contracted software vendors. The order additionally imposes a zero-tolerance policy for vendors and would block those who fail to comply from receiving federal contracts.
“That is the stick,” James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington, declared to the Times. “Companies will be held liable if they’re not telling the truth.”
It remains unclear what effect the order would have had in preventing the Colonial Pipeline attack, since Colonial Pipeline is a private company. The company has not yet disclosed how the group of Russian hackers known as "DarkSide" compromised its system.
The company itself is responsible for transporting nearly half of the East Coast's fuel supply. Similarly, the New York Times estimated that some 85% of the country's energy installations, water treatment plants, and other pieces of critical infrastructure are managed by private companies.
The Biden administration is carrying out a separate initiative to secure the power grid in the form of a 100-day review launched in April.
The White House did not respond to inquiries on the subject by press time.
Commerce Secretary Gina Raimondo called the cyber initiative a "top priority for the administration" during a Sunday interview with CBS.
"Unfortunately, these sorts of attacks are becoming more frequent. They're here to stay. And we have to work in partnership with businesses to secure networks to defend ourselves against these attacks," she stated. "It's an all-hands-on-deck effort right now. And we are working closely with the company, state, and local officials to make sure that they get back up to normal operations as quickly as possible."
Louisiana Republican Sen. Bill Cassidy similarly noted on NBC that the national security implications of the Colonial Pipeline and SolarWinds attacks "cannot be overstated."
“There have been problems in the past with sharing classified information with private entities, and Congress has passed a law to fix that,” Cassidy concluded. “But it's going to take an ongoing relationship, by the way, a bipartisan relationship, in which we better equip small businesses and large businesses to withstand cyberattacks.”