Langevin Praises Sweeping Biden Executive Actions on Cybersecurity

May 12, 2021 Issues: Cybersecurity

Congressman Jim Langevin (D-RI), chair of the House Armed Services Subcommittee on Cybersecurity, Innovative Technologies, and Information Systems and a member of the Cyberspace Solarium Commission, issued the following statement in response to the comprehensive cybersecurity executive actions taken by President Biden today:

“Cybersecurity is the most urgent national security challenge facing our nation, and I applaud President Biden for taking action early in his term to address and eliminate glaring vulnerabilities. From the SolarWinds supply chain compromise to the recent Colonial pipeline ransomware incident, events in just the past six months have underscored again and again our weaknesses in this new domain. We need the Biden-Harris administration to be bold, as Congress was in turning 27 Cyberspace Solarium Commission proposals into law last year. Thankfully, today’s executive actions deliver.

“I have long said that the federal government cannot partner with the private sector to defend the nation if it cannot defend itself. Today’s executive actions will address holes in federal network security by mandating commonsense security controls, like multi-factor authentication and encryption, that make all the difference. The Executive Order will implement key new legislation that allows the Cybersecurity and Infrastructure Security Agency (CISA) to proactively hunt for malicious cyber actors on federal networks, rather than waiting for an incident to happen. It will also require security logging, something I have championed in the wake of SolarWinds. Without logging, we can’t catch adversaries in the act nor can we reconstruct incidents after they happen. These steps are long overdue.

“I am also pleased the President’s actions address the root cause of cybersecurity incidents, which is insecure software. By using the purchasing power of the government to demand more of software vendors, we will help improve the security of the entire ecosystem. I am particularly excited to see an emphasis on software transparency. The National Telecommunications and Information Administration (NTIA) has made significant progress in proving the viability of a ‘software bill of materials,’ or ‘ingredient list’ for software. Putting foundational concepts like SBoM and vulnerability disclosure policies into federal procurement standards will lift everyone’s security, from power companies to small businesses.

“As the White House noted today, this Executive Order alone is not enough. The Senate must confirm Chris Inglis as the inaugural National Cyber Director as soon as possible, and the administration must ensure he hits the ground running by updating the Executive Order in line with his statutory role. The scourge of ransomware continues to affect pipelines, hospitals, schools, and more, and we need an empowered National Cyber Director in place to coordinate our response. The President has outlined a bold vision for federal network defense, but we need to move quickly to extend that to the private sector critical infrastructure that remains at risk.”