Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Four days before leaving office, US President Joe Biden issued a sweeping cybersecurity directive ordering improvements to the way the government monitors its networks, buys software, uses artificial intelligence and punishes foreign hackers.
The 40-page executive order released Thursday is the latest effort by the Biden White House to harness the security benefits of artificial intelligence, roll out digital identities for U.S. citizens and begin efforts to close loopholes that help China, Russia and other adversaries. many times to penetrate US government systems.
The order is “designed to strengthen America’s digital foundation and set the new administration and the country on a path to continued success,” Anne Neuberger, Biden’s deputy national security adviser for cyber and emerging technologies, told reporters on Wednesday.
Hanging over Biden’s directive is whether President-elect Donald Trump will pursue any of those initiatives after he is sworn in on Monday. None of the highly technical projects proposed in the order are favored, but Trump’s advisers may favor different approaches (or timetables) to solving the problems identified by the order.
Trump did not name any of his senior cyber officials, and Neuberger said the White House had not discussed the order with his transition staff, “but we’re very happy to have any discussions as soon as the incoming cyber team is named.” in this final transition period.”
The executive order is based on a series of mandates to protect government networks based on lessons learned from recent major incidents, namely security failures by federal contractors.
The order requires software vendors to provide evidence that they follow secure development practices debutant mandate in 2022 in response Biden’s first cyber executive order. The Cybersecurity and Infrastructure Security Agency will be tasked with double-checking these security certificates and working with vendors to resolve any issues. To put some teeth behind the requests, the White House’s Office of the National Cyber-Director is “encouraged to refer unverified certificates to the Attorney General” for potential investigation and prosecution.
The order gives the Commerce Department eight months to assess the most common cyber practices in the business community and issue guidance based on them. Soon these practices will be mandatory for companies that want to do business with the government. The directive also triggers innovations from the National Institute of Standards and Technology secure software development guide.
Another part of the directive focuses on protecting the authentication keys of cloud platforms, whose compromise opened the door for China. Stealing government emails from Microsoft servers and recently Treasury Department Supply Chain Disruption. The Commerce and General Services Administration has 270 days to develop guidelines for basic protections, which must become requirements for cloud vendors within 60 days.
To protect federal agencies from attacks based on flaws in IoT gadgets, the order sets a January 4, 2027 deadline for agencies to purchase consumer IoT devices that carry only newly launched IoT devices. US Cyber Trust Mark label.
