As part of a broad effort to strengthen the U.S. infrastructure against cyberterrorism, President Joe Biden signed an executive order on Wednesday that placed strict standards on software sold to the federal government, reports the New York Times. The order, aimed at encouraging private companies to practice better cybersecurity or risk being locked out of federal contracts, comes amid a wave of new cyberattacks, more sophisticated and far-reaching than ever. Over the past year, roughly 2,400 ransomware attacks have hit corporate, local and federal offices in extortion plots that lock up or publish victims’ data if they fail to pay a ransom.
For the first time, the U.S. will require all software purchased by the federal government to meet, within six months, a series of new cybersecurity standards. Although the companies would have to “self-certify,” violators would be removed from federal procurement lists, which could kill their chances of selling their products on the commercial market. The order also establishes an incident review board to learn lessons from major hacking episodes such as the SolarWinds hack, and requires all federal agencies to encrypt data, both while it is in storage and while it is being transmitted. Previous efforts to mandate minimum standards on software have failed to get through Congress in the face of protest from small companies that say the changes are not affordable, and from larger ones that have opposed a more intrusive role for the federal government.