Communications Litigation Today was a Warren News publication.

House Science Backs Cyber EO, Highlights Federal Failures

President Joe Biden’s cybersecurity executive order is a welcome step in improving federal cybersecurity (see 2105240072), and GAO’s December supply chain report shows agencies aren’t prepared, House Science Committee members said during a joint hearing Tuesday. The supply chain risk management audit is “truly alarming,” said Investigations Subcommittee ranking member Jay Obernolte, R-Calif. More than half the 23 agencies analyzed didn’t implement basic best practices, he noted, saying this points to a failure of governance. Subcommittee Chairman Bill Foster, D-Ill., questioned whether agencies are doing enough to enforce best practices. The EO calls for bold action, he said. It's a “sea change” in how the federal government approaches cybersecurity, said Research and Technology Subcommittee Chairwoman Haley Stevens, D-Mich. She highlighted the National Institute of Standards and Technology’s role. Research and Technology Subcommittee ranking member Michael Waltz, R-Fla., called the EO a good starting point, saying there’s much work ahead. The auditor report really is “alarming” and shows foundational practices and guidance aren’t being followed, he said. NIST is committed to developing standards, best practices and key guidance for securing critical software, said Information Technology Laboratory Computer Security Division Chief Matthew Scholl. GAO is examining unknowns about the SolarWinds cyberattack, which had unprecedented sophistication, said GAO Information Technology and Cybersecurity Director Vijay D’Souza: The attack wasn’t surprising given findings in December's study.