On Wednesday, Joe Biden signed an executive order focused on improving the nation's cybersecurity defenses.
The executive order comes on the heels of one of the most high-profile ransomware attacks, which hit Colonial Pipeline, the largest fuel pipeline in the nation. The attack crippled the U.S. East Coast fuel distribution and spurred panic buying and chaos at the pumps.
It came to light on Thursday that Colonial allegedly paid the attackers, an Eastern European threat actor group dubbed DarkSide, $5M for a decrypting tool to restore their systems -- a controversial way out of the ransomware bind. The organization was still forced to use their backups to restore their systems, as the purchased tool moved slower than the organization needed to get back online.
"The Colonial Pipeline incident is a reminder that federal action alone is not enough," the White House said in a subsequent statement. The White House urged private companies to "follow the federal government's lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents."
Immense pressure has been mounting on the U.S. to bolster its cyber defenses and align government and private cybersecurity efforts ever since the SolarWinds attacks in 2020, and the subsequent Microsoft Exchange Server attacks earlier this year.
Many cyber experts felt that the Executive Order was a step in the right direction.
Bill Rucker, President of Trustwave Government Solutions, Trustwave's government arm, had this to say about the Executive Order:
"The Biden Administration's Executive Order on Improving the Nation's Cybersecurity is a strong step in the fight to protect our critical assets. Improving information sharing, better incident reporting, responding to cyber events in a consistent manner, and learning from major incidents to create a cycle of improvement are absolute necessities to advance collaborative cybersecurity across the government and private sectors effectively.
As a cybersecurity leader that works with hundreds of organizations across the government and private sectors, we understand and support the important move to better secure assets in the cloud. We appreciate the holistic view taken by the Administration and encourage investment in also securing on-premises environments during this time of transition to the cloud. Databases house some of our most sensitive information, and robust protection built around vulnerability management and monitoring is key to supporting the Administration's objective in Section 7 of improving detection of cybersecurity vulnerabilities and incidents.
We look forward to partnering across the federal government to help achieve the objectives of this Executive Order and better secure our nation's digital assets."
Trustwave is a leader in managed detection and response. Its flagship database security product, DbProtect, safeguards 1M+ databases in public and private sector industries across the world and is currently utilized by 165 government agencies and counting.
In terms of next steps with the Executive Order, the rollout of such a plan will take time and dedication.
Moreover, this undercover $5M ransomware payment by Colonial, which has neither been officially confirmed nor denied, does leave many questions about what the prescription will be for the growing ransomware threat that only seems to be getting worse. It appears that now, more than ever, it is paramount that the government and private sector companies collaborate closely on cyber initiatives and best practices.