On May 12, President Joseph Biden signed the executive order on improving the nation’s cybersecurity (the order) in the wake of cybersecurity incidents affecting SolarWinds Corp., on-premises Microsoft Exchange Servers, Colonial Pipeline and JBS. In the SolarWinds attack, Russian hackers exploited a routine software update to install malicious code, allowing the hackers to infiltrate nine federal agencies and about 100 companies. Microsoft Exchange’s server vulnerabilities are estimated to have affected about 60,000 organizations. The May 6 ransomware attack on Colonial Pipeline shut down the largest oil pipeline in the United States and disrupted supplies of gasoline and fuel to the East Coast. In June, JBS, America’s largest processor of beef, poultry, and pork, paid an $11 million ransom in a cyberattack that affected one-fifth of the nation’s meat supply.
The order outlines several initiatives, to be rolled out on an aggressive timetable this year, that are intended to enhance the federal government’s cybersecurity practices, particularly with respect to the software supply chain, and to contractually obligate government contractors to align with those enhanced security practices. The order directly impacts government contractors, including cloud service providers and software developers.