While India still awaits its National Cybersecurity Policy, the United States President on Wednesday issued an executive order that overhauls its cybersecurity policy. "Cybersecurity incidents like SolarWinds, Microsoft Exchange, and now the Colonial Pipeline incident are a sobering reminder that both U.S. public- and private-sector entities are very vulnerable to constant, sophisticated, and malicious attack — from nation-state adversaries to run-of-the-mill criminals," a senior administration official said in a press call. The order focuses on the following policy key changes: Improving threat information sharing between government and the private sector The Federal Acquisition Regulation (FAR) and the Defense FAR Supplement contracts will be reviewed and modified by the Director of the Office of Management and Budget (OMB) to remove contractual obligations that deter service providers from sharing information into cyber threats. Common cybersecurity contractual requirements across agencies will be standardised, while agency-specific requirements will be reviewed by the Secretary of Homeland Security in consultation with the Secretary of Defense, the Director of OMB, and the Administrator of General Services and accommodated. The contract will be modified to instruct: service providers to collect and preserve data related to cybersecurity events service providers to share such data with the agency that has contracted it or with any other appropriate agency specified by the Director of OMB service providers collaborate with federal cybersecurity or investigative agencies in their investigations of cybersecurity incidents on Federal Information Systems service providers share cyber threat and incident information with agencies Furthermore, the contract will specify: the nature of cyber incidents…
