Four days before he leaves office, US President Joe Biden issued a sweeping cybersecurity directive requiring the government to monitor its networks, buy software, use artificial intelligence and punish foreign hackers.
The 40-page executive order unveiled Thursday is the latest effort by the Biden White House to harness the security benefits of AI, roll out digital identities for US citizens and kickstart the close loopholes that have helped China, Russia and other adversaries. Repeatedly the insect US system of government.
Ann Neuberger, Biden’s deputy national security adviser for cyber and emerging technologies, told reporters Wednesday that the order is “designed to strengthen America’s digital foundation and put the new administration and the country on a path of continued success.”
Attention to Biden’s directive has raised questions about whether President-elect Donald Trump will continue any of those initiatives after he is sworn in on Monday. None of the highly technical projects decreed in the order are partisan, but Trump’s advisers may prefer different methods (or schedules) to address the issues the order identifies.
Trump did not name any of his top cyber officials, and Neuberger said the White House had not discussed the order with his transition staff, “but we’re very happy, as soon as the incoming cyber team was named, there was a discussion. During this period of final transformation.”
The core of the executive order is an array of mandates to secure government networks based on lessons learned from recent major incidents—such as security failures at federal contractors.
The order requires software vendors to submit evidence that they follow safe development practices, including building launches An order that manifests itself In response to this in 2022 Biden’s first cyber executive order. The Cybersecurity and Infrastructure Security Agency will be tasked with double-checking these security certifications and working with vendors to resolve any issues. To put some teeth behind the requirement, the Office of the National Cyber Director of the White House is “encouraged to refer allegations that fail to validate to the Attorney General” for possible investigation and prosecution.
The order gives the Commerce Department eight months to assess the most commonly used cyber practices in the business community and issue guidance based on them. Soon, these practices will become mandatory for companies seeking to do business with the government The directive also initiates updates from the National Institute of Standards and Technology Guidelines for Secure Software Development.
Another part of the directive focuses on the protection of authentication keys on cloud platforms, whose compromise has opened the door for China to Stealing government emails from Microsoft servers And his latest Treasury Department Supply-Chain Hack. The Commerce and General Services Administration has 270 days to develop guidance for core security, which must become a requirement for cloud vendors within 60 days.
To protect federal agencies from attacks that rely on flaws in Internet-of-things gadgets, the order sets Jan. 4, 2027, as the deadline for agencies to purchase only newly launched IoT devices. US Cyber Trust Mark Label.
