Biden signs executive order to improve government response to cyberattacks
President Joe Biden signed an executive order Wednesday aimed at modernizing the federal government's response to cyberattacks -- by "improving information-sharing between the U.S. government and the private sector on cyber issues," improving detection of hacks into federal systems, and creating a "standardized playbook" for how the government responds to attacks, according to the White House.
Facing questions about why the U.S. isn't better prepared to protect its infrastructure from hacks like the ransomware attack on the Colonial Pipeline, the order seeks to bring the federal government more up to speed.
However, while it removes barriers to the private sector sharing info with the federal government about hacks, it stops short of mandating companies like Colonial Pipeline share information. A senior administration official clarified on a call with reporters that the federal government would mandate private companies "doing business with the federal government" share information with it about hacks.
"We pushed the authority as far as we could," the official told reporters, "and said anybody doing business with the U.S. government will have to share incidents, so that we can use that information to protect Americans more broadly."
“This executive order is about taking the steps necessary to prevent cyber intrusions from happening in the first place. And second, ensuring we're well positioned to react rapidly to address incidents when they do occur,” the official continued.
The Biden administration has been working on this executive order since its second week, the official told reporters, and it is expected to help address hacks similar to the one that hit the Colonial Pipeline.
"Colonial fundamentally was an IT incident, and this executive order will make IT software more secure," the official said.
The order will require all software bought by the federal government to meet certain security standards within nine months, the official said. And it "creates a pilot program to create an 'energy star' type of label so the government -- and the public at large -- can quickly determine whether software was developed securely," the White House said.
"We're working to bring visibility to the security of software," the official said, "akin to the way New York brought visibility and cleanliness to New York City restaurants by requiring restaurants to post simple ratings like A, B, C or D, regarding their cleanliness in their windows."