Skip to contentPhysical Address
304 North Cardinal St.
Dorchester Center, MA 02124
U.S. President Joe Biden, left, and Anthony Blinken, U.S. Secretary of State, speak at a cease-fire agreement between Israel and Hamas in the Cross Room of the White House in Washington, D.C., U.S., Wednesday, Jan. 15, 2025. Israel and Hamas agreed to a cease-fire deal that at least temporarily ended the 15-month-old war in Gaza that has killed tens of thousands of people and sparked wider turmoil in the Middle East.
Aaron Schwartz | Sipa | Bloomberg | Getty Images
The Biden administration on Thursday announced a cybersecurity executive order that imposes new standards on companies that sell to the US government and requires more disclosure from software vendors.
The White House is looking to introduce new rules “to strengthen America’s digital foundation,” Anne Neuberger, deputy national security adviser for cybersecurity and emerging technologies, said at a briefing with reporters on Wednesday.
In recent years, cyber attacks have increasingly disrupted federal agencies and companies.
The attackers launched ransomware attacks against Change Healthcare, the operator of Colonial Pipeline, and Ascension Health System. I Microsoft said in 2023 that Chinese hackers had hacked the email accounts of US government officials, prompting a critical federal report and a series of changes at the software manufacturer.
Companies that sell software to the US government will have to demonstrate that their development methods are secure, the statement said. There will be “evidence that we publish on a public website so that all users of the software can take advantage of it,” Neuberger said.
The Common Services Administration will need to establish policies that force cloud providers to publish information to customers about how to operate securely.
Companies that sell goods and services to the US government must follow a new set of security practices as a result of the order.
Last week, the White House announced the US Cyber Trust Mark to help consumers evaluate Internet-connected devices. The executive order states that starting in 2027, the US government will only buy such products if they are labeled.
The order also directs the National Institute of Standards and Technology to develop guidelines for handling software updates. In late 2020, hackers gained access to Microsoft and the US Department of Defense systems via targeting updates to SolarWindsOrion Software.
It is unclear whether the president has been elected Donald TrumpThe new administration will enforce the decree. Biden’s cybersecurity officials have not met with those who will take over for Trump.
“We haven’t discussed, but we’re very excited, that once the new cyber team is named, of course we will discuss that final transition period,” Neuberger said.
