A hack of a major pipeline, the latest evidence of the nation’s vulnerabilities to cyberattacks, prompted questions about whether the administration should go further.
WASHINGTON — A pipeline that provides the East Coast with nearly half its gasoline and jet fuel remained shuttered on Sunday after yet another ransomware attack, prompting emergency White House meetings and new questions about whether an executive order strengthening cybersecurity for federal agencies and contractors goes far enough even as President Biden prepares to issue it.
The order, drafts of which have been circulating to government officials and corporate executives for weeks and summaries of which were obtained by The New York Times, is a new road map for the nation’s cyberdefense.
It would create a series of digital safety standards for federal agencies and contractors that develop software for the federal government, such as multifactor authentication, a version of what happens when consumers get a second code from a bank or credit-card company to allow them to log in. It would require federal agencies to take a “zero trust” approach to software vendors, granting them access to federal systems only when necessary, and require contractors to certify that they comply with steps to ensure that the software they deliver has not been infected with malware or does not contain exploitable vulnerabilities. And it would require that vulnerabilities in software be reported to the U.S. government.
Violators would risk having their products banned from sale to the federal government, which would, in essence, kill their viability in the commercial market.