2021-05-12

WASHINGTON — President Joe Biden signed an executive order Wednesday that placed strict new standards on the cybersecurity of any software sold to the federal government.

The move is part of a broad effort to strengthen the United States’ defenses by encouraging private companies to practice better cybersecurity or risk being locked out of federal contracts. But the bigger effect may arise from what could, over time, become akin to a government rating of the security of software products, much the way automobiles get a safety rating or restaurants in New York get a health safety grade.

The order comes amid a wave of new cyberattacks. Over the past year, roughly 2,400 ransomware attacks have hit corporate, local and federal offices in extortion plots that lock up victims’ data — or publish it — unless they pay a ransom.

The most urgent fear is an attack on critical infrastructure. A ransomware attack on Colonial Pipeline’s information systems forced the company to shut down a critical pipeline for several days this week. The pipeline supplies 45% of the East Coast’s gasoline, diesel and jet fuel.

While every president since George W. Bush has issued new guidelines to bolster the country’s digital defenses, Biden’s order is intended to reach deep into the private sector. And it is far more detailed than past efforts.

For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of new cybersecurity standards.

The order also establishes an incident review board, much like the teams that investigate airline accidents, to learn lessons from major hacking episodes. The White House is mandating that the first incident under review will be the SolarWinds hack, in which Russia’s premier intelligence agency altered the computer code of a U.S. company’s network management software. It gave Russia broad access to 18,000 agencies, organizations and companies, mostly in the United States.

The new order also requires all federal agencies to encrypt data, whether it is in storage or while it is being transmitted — two very different challenges. When China stole 21.5 million files about federal employees and contractors holding security clearances, none of the files were encrypted, meaning they could be easily read.

This article originally appeared in The New York Times.