On May 12, 2021, President Biden signed an Executive Order on Improving the Nation's Cybersecurity. The order implements seven major cybersecurity requirements, beginning with certain mandatory breach reporting requirements for IT and OT providers. Additionally, it mandates the implementation of multifactor authentication and encryption technology for the federal government and mandates the creation of a Zero Trust Architecture plan within 60 days. Furthermore, it establishes baseline cybersecurity standards for all products sold to the federal government and creates an “energy star” style labeling program for secure software. Lastly, the order establishes a Cybersecurity Safety Review Board modeled after the National Transportation Safety Board; creates a standardized playbook for cybersecurity breaches; implements a government-wide Endpoint Detection and Response system; and mandates the creation of a cybersecurity event log for all Executive agencies.
The order drew praise from members of the cybersecurity community. “Cybersecurity is the most urgent national security challenge facing our nation, and I applaud President Biden for taking action early in his term to address and eliminate glaring vulnerabilities,” said Rep. Jim Langevin (D-RI), in a statement published in response to the executive order.
In a statement responding to the order, Sen. Mark Warner (D-VA) acknowledged the role that Congress must play in cybersecurity: "This executive order is a good first step, but executive orders can only go so far. Congress is going to have to step up and do more to address our cyber vulnerabilities, and I look forward to working with the administration and my colleagues on both sides of the aisle to close those gaps."