{"id":118894,"date":"2021-07-28T19:33:57","date_gmt":"2021-07-28T19:33:57","guid":{"rendered":"https:\/\/fin2me.com\/?p=118894"},"modified":"2021-07-28T19:33:57","modified_gmt":"2021-07-28T19:33:57","slug":"biden-to-sign-an-executive-order-aimed-at-protecting-critical-american-infrastructure-from-cyberattacks","status":"publish","type":"post","link":"https:\/\/fin2me.com\/politics\/biden-to-sign-an-executive-order-aimed-at-protecting-critical-american-infrastructure-from-cyberattacks\/","title":{"rendered":"Biden to sign an executive order aimed at protecting critical American infrastructure from cyberattacks."},"content":{"rendered":"
\n<\/p>\n
By <\/span>David E. Sanger<\/span><\/p>\n A day after President Biden warned that cyberattacks could lead to a \u201creal shooting war,\u201d he is expected to sign an executive order on Wednesday aimed at preventing hackings on America\u2019s critical infrastructure.<\/p>\n While the order has been in the works for some time, the need was driven home by a series of major ransomware attacks, including against Colonial Pipeline, which provides the East Coast with 45 percent of its gasoline, jet fuel and diesel.<\/p>\n The order is mostly filled with voluntary measures for companies to meet a series of online security standards, like encrypting data and requiring two-factor authentication for all users on a system, to stymie hackers who possess stolen passwords. In a call with reporters Tuesday night, a senior administration official said the idea was to develop \u201ccybersecurity performance goals\u201d to assess how prepared each company or utility was.<\/p>\n The effort is a way to get beyond the \u201cwoefully insufficient\u201d patchwork of mandates and voluntary actions to protect electric utilities, gas pipelines, water supplies and industrial sites that keep the economy running, the official said.<\/p>\n Such efforts have been tried before, dating to the presidency of George W. Bush. But Mr. Biden is the first president to talk about the issue \u2014 almost every week \u2014 as a national security imperative. It was the central topic of his meeting in June with President Vladimir V. Putin of Russia. And on Tuesday, visiting the Office of the Director of National Intelligence, Mr. Biden gave a grim assessment of where he believed the constant, short-of-war attacks on the United States, both state-sponsored operations and criminal ransomware, are headed.<\/p>\n \u201cIf we end up in a war, a real shooting war with a major power,\u201d he told the intelligence officers there, \u201cit\u2019s going to be as a consequence of a cyberbreach of great consequence. And it\u2019s increasing exponentially \u2014 the capabilities.\u2019\u2019<\/p>\n Mr. Biden\u2019s chief challenge now is a lack of authority to mandate changes. He has already imposed security standards on providers of software to the federal government, betting that if a company is banned from selling to the government, it will also suffer in the commercial marketplace. He has ordered a series of increased protections for federal agencies, 10 of which were affected by the SolarWinds hacking last year, a broad invasion of the software \u201csupply chain\u201d used by 18,000 companies and governments.<\/p>\n But key elements of American infrastructure are run by private companies \u2014 and in Colonial Pipeline\u2019s case, Russian-speaking hackers brought down the distribution system almost accidentally, after attacking the company\u2019s business systems. That was followed by another ransomware attack on JBS, the world\u2019s largest beef producer, which paid $11 million to start running again.<\/p>\n For years, many industries have maintained informal organizations that share cyberthreat information or best practices. But there are so many holes in the system that it has been relatively easy for Iran, Russia, China and ransomware groups to find ways to place malicious software in the systems, or initiate attacks that freeze data and make it impossible to operate, as happened to Colonial Pipeline and JBS.<\/p>\n The measures outlined in the new national security memorandum, called \u201cImproving Cybersecurity for Critical Infrastructure Control Systems,\u201d are being coordinated by the Department of Homeland Security\u2019s Cybersecurity and Infrastructure Security Agency and the Commerce Department\u2019s unit that sets industrial standards.<\/p>\nSite Index<\/h2>\n
Site Information Navigation<\/h2>\n