Four days before leaving office, US President Joe Biden has issued a sweeping cybersecurity directive ordering reforms to the way the government monitors its networks, buys software, uses artificial intelligence and punishes foreign hackers. Has gone.
40 page executive order Unveiled on Thursday, the Biden White House's final effort to harness the security benefits of AI, introduce digital identities for American citizens and kickstart efforts to close the gaps that help China, Russia and other adversaries Is. Frequently to penetrate American Government Systems.
“This order is designed to strengthen America's digital foundation and set the new administration and the country on a path to continued success,” Anne Neuberger, Biden's deputy national security adviser for cyber and emerging technologies, told reporters on Wednesday.
The question is whether President-elect Donald Trump will continue any of these initiatives after taking the oath of office on Monday. None of the high-tech projects set out in the order are partisan, but Trump's advisers may prefer different approaches (or timetables) to solving the problems identified by the order.
Trump has not named any of his top cyber officials, and Neuberger said the White House did not discuss the order with his transition staff, “but we're very pleased to name the incoming cyber team as soon as possible.” “There will be some discussion during this final transition period.”
The core of the executive order is a series of mandates to protect government networks based on lessons learned from recent major events – namely, the security failures of federal contractors.
The order requires software vendors to submit proof that they follow secure development practices. a mandate that began In response to 2022 Biden's first cyber executive orderThe Cybersecurity and Infrastructure Security Agency will be tasked with double-checking these security verifications and working with vendors to fix any issues. Leaving aside the requirement, the White House Office of the National Cyber Director is “encouraged to refer failed verifications to the Attorney General” for possible investigation and prosecution.
The order gives the Commerce Department eight months to assess the most commonly used cyber practices in the business community and issue guidance based on them. Soon after, these practices will become mandatory for companies wishing to do business with the government. This directive also initiates the update of the National Institute of Standards and Technology secure software development guidance,
Another part of the directive focuses on the security of authentication keys of cloud platforms, the compromise of which opened the door to China Theft of government emails from Microsoft servers And this is recent Treasury Department supply-chain hackThe Commerce and General Services Administration has 270 days to develop guidelines for key security features that must become requirements for cloud vendors within 60 days.
To protect federal agencies from attacks that rely on flaws in Internet-of-Things gadgets, the order sets a deadline of January 4, 2027, for agencies to test only newly launched consumer IoT devices. Can buy the device. us cyber trust mark label,