Executive Order on Improving the Nation’s Cybersecurity: Biden Implements New Information Requirements for Government IT Contractors
May 26, 2021
Alston & Bird
On May 12, 2021, President Biden signed an Executive Order aimed at improving the nation’s cybersecurity by reducing data breaches and malicious cyber campaigns. The Order responds to several recent cybersecurity incidents, including a ransomware attack on the Colonial Pipeline Co. that resulted in a temporary shutdown, which caused gas shortages along the East Coast and an increase in the price of fuel at the national level.
The Order seeks to establish a partnership between the federal government and the private sector to ensure a more secure cyber environment, creating a cybersecurity review board made up of federal officials and private sector representatives, and streamlining cyberattack reporting processes in government. In particular, the Order implements information requirements for government contractors in the information technology (IT) and operational technology (OT) sector to report data breaches that may pose a danger to federal networks.
The Order establishes a plan for federal agencies to review and update the contractual requirements of the Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS) for contracting with IT and OT service providers to ensure that the providers:
- collect and maintain data relevant to the prevention, detection, response and investigation of cybersecurity events on all information systems over which they have control;
- share this relevant data with any agency with which they have contracted and with any other agency that the Director of the Office of Management and Budget (OMB) deems appropriate;
- collaborate with federal research or cybersecurity agencies in their investigations and responses to incidents or possible incidents in federal information systems, including the implementation of technical capabilities as necessary; and
- share information on cyber threats and incidents with agencies, doing so, whenever possible, in industry-recognized formats for incident response and remediation.
The Order also instructs information and communications technology (ICT) service providers that contract with agencies to report immediately when they discover a cyber incident. The Order provides that the Secretary of Homeland Security and the Director of OMB are responsible for ensuring that service providers share data with agencies.
The White House reports that this Executive Order is the first of many steps the Administration plans to take to improve the nation’s cybersecurity.
We will continue to monitor developments and provide updates as the Administration moves forward on this front. In the meantime, don’t miss a good opportunity for security visibility. Use the potential for cyber regulation of larger federal government contractors to help justify whether additional senior management security resources are needed to fulfill your current control set. Any other cyber regulation will only be based on your existing control set.
The content of this article is intended to provide general guidance on the subject. You need to seek specialized advice on your specific circumstances.