Colonial Pipeline is one of the largest pipeline operators in the United States, providing significant chunk of the fuel, including gasoline, diesel, heating oil, jet fuel, and military supplies, and transporting over 100 million gallons of fuel daily across wide area spanning Texas to New York. Earlier this year, Colonial Pipeline reported a cyberattack, forcing it to close energy operations and freeze systems. Deep concern on the supply shortage of energy, caused gasoline prices go up in the futures segment of the markets, reaching their highest level in last three years. The attack was enormous in scale and targeted the critical infrastructure.

Hackers were supposed to be linked to a group called, ‘DarkSide’ which specialize in digital extortion and are believed to be operating in Russia/Eastern Europe. According to media reports, Colonial Pipeline Co. paid significant amount of money to hackers in cryptocurrency. To keep the fuel supplies running in the country and protect citizen from supply crunch, it becomes imperative to solve the  problem and not let the issue result into a national catastrophe.

Following the attack, US President Joe Biden issued an executive order (EO) that intends to strengthen the Government response in such as situation in a more decisive and integrated way. The Executive order removes legal  barriers for sharing threat information, modernizing federal government cybersecurity apparatus, enhancing software supply chain security, establishing  cyber safety review board and standardizing the Government’s playbook for responding to cyber vulnerabilities

Executive order enables the President to issue federal directives in the United States.  United States Constitution provides for  president executive and enforcement authority, for exercising his discretion, while determining the question of enforcement of law, managing the resources etc.  Congress delegates the president some degree of discretionary power, which can be exercised through executive orders and these are subject to judicial review and may be overturned if the orders is not backed by regulatory provision or the Constitution. The nature of  executive order is such that, once issued, it will remain in force until they are cancelled, revoked,  or expire on their terms. President has the authority to revoke, modify, or make exceptions from any executive order, whether the order was made by the current president or his predecessor. 

EO will have far reaching impact and will significantly impact the conduct of the private sector. Executive order intents to highlights the urgency, that the Corporates may follow the federal government’s lead and take ambitious measures to strengthen the goal of minimising future cybersecurity incidents.

Presently, the Federal Government contracts with various service providers for sourcing various critical functional services. Current contract of service level agreement terms may include privacy clauses for information sharing, that may restrict sharing of incident information with executive departments and agencies, responsible for investigating or remediating cyber incidents. Removing these contractual barriers through EO, will facilitate in  increasing the sharing of information about such threats and incidents, and take necessary steps to accelerate incident deterrence, and response efforts for enabling more effective defence.

As we know US is a growing gig economy, which works largely on a contractual basis. According to 2015 data, reference, list developed annually by the U.S. General Services Administration for tracking of  government procurement, top departments for availing contractors services were the Department of Defense , Department of Energy,Health and Human Services, Department of Veteran Affairs , and NASA . US Government works with hundreds of IT Contractors and  top  contractors who received this payment included, Lockheed Martin, Boeing, General Dynamics, Raytheon and Northrop Gruman.

The security of software used by the Government is imperative to the Government’s ability to perform its functions in a smooth and orderly way. Because of the susceptibility of software failure to malicious attacks, there is a growing concern that development of commercial software is lacking transparency and  focus on the ability of the software by developer team, to resist malicious attacks.  With the growing failure, there is a pressing need to implement predictable mechanisms for ensuring that software functions securely and meets its objective during the time of crises.  In the face of the growing Cyber Threats, the Federal Government, through its Executive Order, have taken robust action to significantly improve the security and integrity of the software supply chain.