• The White House issued an executive order on improving the nation's cybersecurity.
• The order comes in the wake of the recent cyber attack on the Colonial Pipeline.
• Governments must play an important role in defining and ensuring cybersecurity.

The recent Colonial Pipeline cyber attack was an unfortunate reminder of the danger cyber attacks pose to a nation's economy.

Since the ransomware attack, the pipeline, which carries almost half of the East Coast's supply of diesel, petrol and jet fuel, has been mostly offline, causing gasoline prices to spike to their highest levels since 2014. The pipeline is reported to have paid a ransom of about $5 million in bitcoin to the hackers.

Days later, the US issued an executive order laying out a plan to improve the nation's cybersecurity. It's a welcome move and could offer a way forward to prevent similar attacks in the future.

Why governments must act on cybersecurity

Cybersecurity challenges are systemic and require the private and public sectors to work closely together to achieve strong cyber resilience.

National governments around the globe are among the biggest buyers of technology solutions and, through their R&D grants, among the biggest investors in innovation. Governments play an important role in defining the baseline of cybersecurity in the products, including software and hardware, that they buy or acquire.

By ensuring cybersecurity due diligence in technology innovation, development and acquisition, governments can increase the overall health of their technology and its providers’ long-term success.

The US executive order

The US executive order is an important step because it will set the stage for collaborative efforts between public and private sectors that should eventually be scaled beyond national borders.

The focus on enhancing software supply chain security is particularly key. The government says it will pilot new programs, such as labeling software security.

The order also includes much-needed support for transparency and accountability in the digital supply chain by requiring important disclosures, like a Software Bill of Materials, that help government buyers understand where their code is coming from and who wrote it.

The executive order also says the US will promote more durable technology and improve overall cyber resilience. It includes the principle of “Zero Trust Architecture,” which is designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention and simplifying granular user-access control.

This is encouraging because it suggests the government is elevating cybersecurity to a strategic level when developing new technologies and building cybersecurity programs across public and private sectors.

There's hope that this executive order will bring cybersecurity issues to the attention of private-sector executives and inspire action.

Cybersecurity is a team sport, and success hinges on the contributions of all ecosystem players. The complex challenges in ensuring trust and safety in today’s digital reality, like supply chain security, cybercrime, privacy, and many others, can only be solved through public-private cooperation on the global level.