Executive Order On Improving The Nation’s Cybersecurity: Biden Implements New Reporting Requirements On IT Government Contractors
On May 12, 2021, President Biden signed an Executive Order aimed
at improving the Nation’s Cybersecurity by curtailing data
breaches and malicious cyber campaigns. The Order comes in response
to a number of recent cybersecurity incidents, including a
ransomware attack on the Colonial Pipeline Co. that caused a
temporary shutdown, resulting in gas shortages along the Eastern
Seaboard and a nationwide spike in fuel prices.
The Order seeks to establish a partnership between the Federal
Government and the private sector to ensure a more secure cyber
environment, creating a Cyber Safety Review Board comprised of
Federal officials and private sector representatives, and
streamlining the processes for reporting cyber-attacks to the
Government. In particular, the Order imposes reporting
requirements on Information Technology (IT) and Operational
Technology (OT) sector government contractors, requiring them to
report data breaches that could pose a danger to federal networks.
Biden’s Order lays out a plan for federal agencies to review
and update the Federal Acquisition Regulation’s (FAR) and the
Defense Federal Acquisition Regulation Supplement’s (DFARS)
contract requirements for contracting with IT and OT service
providers to ensure they:
- collect and preserve data relevant to cybersecurity event
prevention, detection, response, and investigation on all
information systems over which they have control;
- share such data, where relevant to any agency with which they
have contracted, with that agency and with any other agency that
the Director of the Office of Management and Budget (OMB) deems
appropriate;
- collaborate with Federal cybersecurity or investigative
agencies in their investigations of and responses to incidents or
potential incidents on Federal Information Systems, including by
implementing technical capabilities as needed; and
- share cyber threat and incident information with agencies,
doing so, where possible, in industry-recognized formats for
incident response and remediation.
The Order also instructs information and communications
technology (ICT) service providers entering into contracts with
agencies to promptly report when they discover a cyber incident.
The Order arranges for the Secretary of Homeland Security and the
Director of OMB to be responsible for ensuring that service
providers share data with agencies.
The White House reports that this Executive Order is the first
of many steps the Administration intends to take aimed at improving
the Nation’s cybersecurity.
We will continue to monitor developments and provide updates as
the Administration progresses on this front. In the interim,
don’t let a good opportunity for security visibility go to
waste. Use the potential for more granular cyber regulation of
federal government contractors to help justify to senior
management any additional security resources needed to meet your
present control set. Any further cyber regulation will only build
upon your existing control set.