Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Four days before leaving office, US President Joe Biden issued a sweeping cybersecurity directive ordering improvements to the way the government monitors its networks, buys software, uses artificial intelligence and punishes foreign hackers.
U 40 page executive order unveiled Thursday is the latest attempt by the Biden White House to begin efforts to harness the security benefits of AI, launch digital identities for American citizens, and close loopholes that have helped China, Russia and other opponents. repeatedly to penetrate US government systems.
The order “is designed to strengthen America’s digital foundations and also set the new administration and the country on a path for continued success,” said Anne Neuberger, Biden’s deputy national security adviser for cyber and emerging technology. , he told reporters on Wednesday.
In view of Biden’s directive is the question of whether President-elect Donald Trump will continue any of these initiatives after taking the oath of office on Monday. None of the highly technical projects decreed in the order are partisan, but Trump’s advisers may prefer different approaches (or timelines) to solving the problems the order identifies.
Trump has not named any of his top cyber officials, and Neuberger said the White House has not discussed the order with his transition staff, “but we’re very happy to, as soon as the incoming cyber team is called, have discussions during this final transition period.
The heart of the executive order is a series of mandates for protecting government networks based on lessons learned from recent major incidents, namely, the security failures of federal contractors.
The order requires software vendors to submit proof that they follow safe development practices by building them a mandate that debuted in 2022 in response to Biden’s first cyber executive order. The Cyber Security and Infrastructure Agency would be tasked with double-checking these security attestations and working with vendors to resolve any issues. To put some teeth behind the requirement, the Office of the National Cyber Director of the White House is “encouraged to refer attestations that fail validation to the Attorney General” for potential investigation and prosecution.
The order gives the Commerce Department eight months to assess the most commonly used cyber practices in the business community and issue guidance based on them. Soon after, these practices will become mandatory for companies seeking to do business with the government. The directive also launches updates to the National Institute of Standards and Technology secure software development guide.
Another part of the directive focuses on the protection of the authentication keys of cloud platforms, the compromise that opened the door to China. the theft of government emails from Microsoft servers and its recent Treasury Department supply-chain hacking. The Commerce and General Services Administration has 270 days to develop guidelines for key protection, which should be required of cloud vendors within 60 days.
To protect federal agencies from attacks that rely on flaws in Internet of Things gadgets, the order sets a January 4, 2027, deadline for agencies to buy only consumer IoT devices that carry the newly launched. Label US Cyber Trust Mark.
