Biden Administration Orders Sweeping Directives to Federal Agencies and Contractors to Improve U.S. Cybersecurity
Client Alert | 1 min read | 05.13.21
The Biden Administration issued a detailed Executive Order (EO) on Improving the Nation’s Cybersecurity yesterday aimed at strengthening the Federal Government’s cybersecurity defense posture. The EO calls for the creation of new cybersecurity standards, as well as updates to FAR- and DFARS-based contract requirements, affecting both information and operational technology. Much of the EO addresses implementation throughout the Federal Civilian Executive Branch (FCEB) Agencies and the Department of Defense (DoD). The EO encompasses a broad array of cybersecurity initiatives for fast track implementation in partnership with the private sector, notably including:
- Requiring mandatory breach reporting to the Federal Government, applicable to both contractors and cloud service providers (CSPs) accessing Federal information systems;
- Implementing mandatory multifactor authentication, encryption and logging requirements for Federal information systems, applicable to contractors operating networks on behalf of the Federal Government;
- Creating a software supply chain security standard, including a consumer software labeling program, focused on secure software development practices that will impact Federal software acquisitions;
- Modernizing security practices including Zero Trust Architecture and accelerated movement to secure cloud services through FedRAMP;
- Establishing a Cyber Safety Review Board, modeled after the National Transportation Safety Board (NTSB), which will provide the Federal Government greater authorities to investigate significant cyber incidents occurring on contractor and CSP networks; and
- Standardizing a Federal Government Playbook for incident response activities, which will create a new standard of care for private industry and government contractors.
The EO directs the Federal Government to prioritize these initiatives over the next year, with some actions to be implemented as soon as within the next 30 days. Contractors should anticipate a myriad of proposed regulatory changes over the next 60 – 90 days as agencies begin implementing these wide-ranging cyber initiatives.
Contacts
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 3 min read | 11.21.25
On November 7, 2025, in Thornton v. National Academy of Sciences, No. 25-cv-2155, 2025 WL 3123732 (D.D.C. Nov. 7, 2025), the District Court for the District of Columbia dismissed a False Claims Act (FCA) retaliation complaint on the basis that the plaintiff’s allegations that he was fired after blowing the whistle on purported illegally discriminatory use of federal funding was not sufficient to support his FCA claim. This case appears to be one of the first filed, and subsequently dismissed, following Deputy Attorney General Todd Blanche’s announcement of the creation of the Civil Rights Fraud Initiative on May 19, 2025, which “strongly encourages” private individuals to file lawsuits under the FCA relating to purportedly discriminatory and illegal use of federal funding for diversity, equity, and inclusion (DEI) initiatives in violation of Executive Order 14173, Ending Illegal Discrimination and Restoring Merit-Based Opportunity (Jan. 21, 2025). In this case, the court dismissed the FCA retaliation claim and rejected the argument that an organization could violate the FCA merely by “engaging in discriminatory conduct while conducting a federally funded study.” The analysis in Thornton could be a sign of how forthcoming arguments of retaliation based on reporting allegedly fraudulent DEI activity will be analyzed in the future.
Client Alert | 3 min read | 11.20.25
Client Alert | 3 min read | 11.20.25
Client Alert | 6 min read | 11.19.25
