14 DAY TRIAL // After yet another ransomware attack, the pipeline that supplies nearly half of the East Coast's gasoline and jet fuel, remained shut down on Sunday. The event led to emergency meetings in the White House and fresh concerns about whether President Biden's executive order improving cybersecurity for federal agencies and contractors goes far enough.
The order is a new road map for the nation's cyberdefense. Drafts circulated among government officials and corporate executives for weeks and summaries were obtained by The New York Times.
The sources claim the order provides a set of digital security guidelines for federal agencies and contractors that design software for the government. The guidelines include multifactor authentication, that is similar to when customers receive a second code from a bank or credit card company to log in.
According to the drafts, federal agencies are to take a "zero confidence" approach to software providers, allowing them access to federal systems only when appropriate. In addition, contractors are required to certify their software and hence, provide proof it is not contaminated with malware or contains exploitable vulnerabilities.
Violators risk getting their products banned from being sold to the federal government, effectively killing their economic viability.
An international alliance to combat ransomware
Top executives from Amazon, Microsoft, Cisco, FireEye, and hundreds of other companies teamed up with the Justice Department last month to deliver an 81-page report calling for an international alliance to fight ransomware.
Lisa Monaco, the deputy attorney general, and John Carlin, who led the Justice Department's national security division during the Obama administration, are leading the effort.
One of the recommendations in the coalition of companies' study is to force ransomware safe havens, such as Russia, to prosecute cybercriminals using sanctions or travel visa restrictions. It also suggests that foreign law enforcement should collaborate to keep cryptocurrency exchanges accountable under anti-money laundering and “know your customer” legislation.
The executive order also aims to close gaps in the country's cyberdefenses that were revealed in recent Russian and Chinese cyberattacks. The latter were staged from domestic servers within the US, meaning where the National Security Agency has no jurisdiction.