Yesterday evening, the Biden administration released its much-anticipated “Executive Order on Improving the Nation’s Cybersecurity.” It is tempting to yawn; every administration in recent memory has done something of this kind, after all, and not always to significant effect. But this executive order deserves your attention. It contains concrete measures tailored to respond to lessons learned from recent crises, especially the SolarWinds and Microsoft Exchange compromises.
Is there more work to do? Obviously, yes. But to a significant extent that’s a job for Congress. The question at the moment is whether the Biden administration with this executive order has made good use of the limited tools that it controls directly. As we explain below, the answer is largely yes.