President Joseph Biden has issued a broad executive order (EO) directing federal agencies to establish several programs to mitigate the kinds of cybersecurity breaches seen recently. The terms of Biden’s “Executive Order on Improving the Nation’s Cybersecurity” will have a particularly negative impact on the information technology industry, including companies directly or indirectly involved in delivering IT goods and services to the federal government.
The EO outlined several objectives for increasing cybersecurity across the federal government, including raising standards and improving detection. The directive also calls for creating a Cybersecurity Safety Review Board, modeled after the National Transportation Safety Board, to improve cyber information sharing between the government and industries.
- The IT and business groups backed Biden’s approach, but only in the context of the EO being a first step that would require significant private sector participation.
- The initiative required releasing a document detailing the “basic elements” of a Software Bill of Materials (SBOM).
- The government claimed in the Executive Order that such disclosures are severely lacking in the federal IT purchase process, and there is an “urgent urgency” to address the problem.