Federal authorities replace voluntary cybersecurity guidance for the pipeline industry with mandatory regulation after many drivers in the southeast lined up for the sudden loss of gasoline supply due to a cyberattack on the colonial pipeline That was welcome news.

Despite 20 years of concern and 10 years of devastating hacking of US and foreign government and commercial goals, cyber defense still has many holes and, if misused, cripples the country. There is a possibility. If the issue is not resolved immediately, the United States may find it unable to protect itself or its allies.

President Joe Biden’s executive order is a step towards addressing a major cybersecurity flaw, but Congress needs to strengthen and expand it. As a major national security concern, it should be a top priority for Congress this year. And it’s not cheap.

The Department of Homeland Security also responded this week with the first cybersecurity regulations for the pipeline sector to respond to colonial attacks.

The most devastating cyberattacks on US companies and government agencies are carried out by gloomy cybercriminals evacuating to foreign governments, especially Russia, China, Iran, North Korea, and areas under Russian control.

Colonial Pipeline Shutdown by Dark Side, one of such groups, was able to find a software flaw that shuts down the pipeline and demands a ransom and eventually withdraws $ 4.4 million from the company. It is said to have been caused. Little information is available on how cyber intrusions were achieved, but Mr. Biden’s orders strengthened the federal cybersecurity operations and created a cybersecurity security review board.

The committee is modeled after the National Transportation Safety Board, which investigates major cyberattacks and recommends corrections. But as the White House fact sheet on cybersecurity points out, the Colonial Pipeline case “reminds us that federal action alone is not enough. Many of the country’s key infrastructures are Owned and operated by the private sector, these private sector companies make their own decisions regarding investment in cybersecurity. “

That’s exactly why Congress action is needed. Only Congress can reliably define the authority of the Cyber ​​Security Safety Review Board to include mandatory amendments. By approving the security standards for software purchased by the federal government, the president is properly addressing loose security issues in software development (the main cause of the Russian government’s SolarWinds hack last year). However, he cannot require the private sector to take steps to minimize hacking, such as completely disconnecting the software development process from the Internet. Only Congress can do it.

For example, protecting commercial utility operating system vulnerabilities from infringement by foreign hackers requires more than just establishing an investigative agency. You need a law. A good model may be our food and drug regulation.

Congress should also consider imposing a costly abused software failure on software developers.

Mr Biden’s executive order is a step in the right direction, but the country needs to leap to a higher level of cybersecurity.

As colonial hacks have shown, our daily lives have become heavily dependent on the security of our supply networks, which are now under threat. Congress has the power to create better national cyber defenses. It has to act now.