Biden Order Adds Info-Sharing Onus On Wary Contractors
Government Contracts attorney Eric Crusius was quoted in a Law360 article about new requirements being imposed on contractors by way of an executive order from the office of President Joe Biden. The order is aimed at protecting federal networks from cyberattacks and equipping them to better respond when breeches do occur. The full scope of the order's impact will depend on how it's implemented through regulation, with specific definitions of some key terms, such as what counts as "critical software," and what products should be on a list of critical software.
"The way that definition is written in the executive order could include just about any piece of software that the government uses, including commercial-off-the-shelf software that is ubiquitous, such as a word-processing program or a spreadsheet program," Mr. Crusius said.
The definition of "information and communications technology" service providers that will be required to "promptly report" cyber incidents involving a software product or service is also up in the air, and if defined broadly could include most services contractors, which often provide IT services as part of their work, he continued. "You're going to bring in a lot of contractors that don't have really any clue that they're going to have to comply with a new regulatory regime."