Executive Order on Improving the Nation’s Cybersecurity: Biden Implements New Reporting Requirements on IT Government Contractors

Alston & Bird
Contact

On May 12. 2021, President Biden signed an Executive Order aimed at improving the Nation’s Cybersecurity by curtailing data breaches and malicious cyber campaigns. The Order comes in response to a number of recent cybersecurity incidents, including a ransomware attack on the Colonial Pipeline Co. that caused a temporary shutdown, resulting in gas shortages along the Eastern Seaboard and a nationwide spike in fuel prices.

The Order seeks to establish a partnership between the Federal Government and the private sector to ensure a more secure cyber environment, creating a Cyber Safety Review Board comprised of Federal officials and private sector representatives, and streamlining the processes for reporting cyber-attacks to the Government. Particularly, the Order implements reporting requirements on Information Technology (IT) and Operational Technology (OT) sector government contractors to report data breaches that could pose a danger to federal networks.

Biden’s Order lays out a plan for federal agencies to review and update the Federal Acquisition Regulation’s (FAR) and the Defense Federal Acquisition Regulation Supplement’s (DFARS) contract requirements for contracting with IT and OT service providers to ensure they:

  • collect and preserve data relevant to cybersecurity event prevention, detection, response, and investigation on all information systems over which they have control;
  • share such data relevant to any agency with which they have contracted, and any other agency that the Director of the Office of Management and Budget (OMB) deems appropriate;
  • collaborate with Federal cybersecurity or investigative agencies in their investigations of and responses to incidents or potential incidents on Federal Information Systems, including by implementing technical capabilities as needed; and
  • share cyber threat and incident information with agencies, doing so, where possible, in industry-recognized formats for incident response and remediation.

The Order also instructs information and communications technology (ICT) service providers entering into contracts with agencies to promptly report when they discover a cyber incident. The Order arranges for the Secretary of Homeland Security and the Director of OMB to be responsible for ensuring that service providers share data with agencies.

The White House reports that this Executive Order is the first of many steps the Administration intends to take aimed at improving the Nation’s cybersecurity.

We will continue to monitor developments and provide updates as the Administration progresses on this front.  In the interim, don’t let a good opportunity for security visibility go to waste.  Use the potential for more granular federal government contractor cyber regulation to help justify if additional security resources are needed from senior management to meet your present control set.  Any further cyber regulation will only build upon your existing control set.

[View source.]

Written by:

Alston & Bird
Contact
more
less

Alston & Bird on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.