UPDATED 22:33 EDT / MAY 12 2021


Biden issues executive order to strengthen US cybersecurity defenses

President Joe Biden today signed an executive order that is aimed at strengthening U.S. cybersecurity defenses.

Coming less than a week after pipeline system operator Colonial Pipeline Co. was crippled by a ransomware attack resulting in gas shortages on the U.S. East Coast, the executive order outlines a range of initiatives. They include reducing barriers to information sharing between government and the private sector, mandating the use of multifactor authentication by government departments, establishing a Cybersecurity Safety Review Board and creating a standardized playbook for responding to cyberattacks.

An additional initiative is a commitment to improving the security of software by establishing baseline security standards for software sold to the government. The goal is reasonable, but it comes with a twist: a pilot program to create an “Energy Star” type of label so that the government and public can determine whether the software was developed securely.

“Too much of our software, including critical software, is shipped with significant vulnerabilities that our adversaries exploit,” the White House said in a fact sheet. “This is a long-standing, well-known problem but for too long we have kicked the can down the road.”

How an Energy Star-style rating would be applied to software, and who would apply it, was not explained. No company creating software intentionally ships software knowing that it’s full of vulnerabilities. Windows 10, for example, has more than 50 million lines of code, and vulnerabilities are regularly found in it.

Further initiatives include improving the detection of cybersecurity incidents on federal government networks by enabling a government-wide endpoint detection and response system, and improving investigation and remediation capabilities through the creation of a “cybersecurity event log” for federal departments and agencies.

Despite some concerns over details such as the rating system for software, the executive order has been well-received by many cybersecurity professionals.

“The White House is to be commended for issuing an extensive executive order that acknowledges the severity and scope of the cybersecurity challenges facing the public and private sectors, the American people and our economy,” Rick Tracy, chief security officer at IT and cybersecurity company Telos Corp., told SiliconANGLE. “I especially applaud the direction for federal departments and agencies to, as much of the private sector has already done, move more rapidly to adopt secure cloud services, the requirement for them to adopt multifactor authentication and the push for increased use in government of such practices as zero trust architecture.”

Charles Herring, chief technology officer and co-founder of Big Data SIEM and SOAR firm WitFoo Inc., was likewise positive, noting that the Biden administration’s cybersecurity executive order is wide-ranging and carries an aggressive timeline to make overdue safeguards a pressing priority.

“The mandate for immediate deployment of multifactor authentication, EDR and log retention technologies across all Federal agencies are critical enhancements needed to modernize and harden government infrastructure,” Herring added. “These technologies also provide essential visibility into a very wide surface area across the Executive branch that will enable investigators to effectively track down and respond to emerging attacks.”

Others were more skeptical. Jeff Hudson, chief executive officer of machine identity management solutions provider Venafi Inc., said the new executive order is “a swing and a miss from the government.”

“Prescriptive regulations for the software industry simply will not work — the federal government cannot move quickly enough to effectively regulate how software is built,” Hudson explained. “The only way the government can help protect individuals and companies from becoming victims of insecure software build processes is by incentivizing the software industry to build better. There needs to be strict financial repercussions for any company that fails to do so. This order, as it stands, will slow down software companies and give attackers the opportunity to innovate faster.”
