The executive order, which has been in development for months, addresses federal computer networks — not the critical infrastructure operated by private companies such as Colonial Pipeline, which suffered a major ransomware attack that led to hoarding and gasoline shortages throughout the eastern U.S. But some of the directive’s provisions could also influence how the Biden administration works to secure the United States' poorly protected infrastructure facilities. Biden’s order requires agencies to encrypt their data, update plans for securely using cloud hosting services and enable multi-factor authentication, an extra security step that forces users to enter a randomly generated code after typing in their password. It also creates a cyber incident review group, modeled on the National Transportation Safety Board that investigates aviation, railroad and vehicle crashes, to improve the government’s response to cyberattacks. And it sets the stage for requiring federal contractors to report data breaches and meet new software security standards.