Four days before leaving office, US President Joe Biden issued a sweeping cybersecurity directive, requiring improvements in how the government monitors networks, buys software, uses artificial intelligence, and punishes foreign hackers.
The 40-page order, announced Thursday, is the Biden White House's final push to launch efforts to harness the security benefits of AI, deploy digital identities for US citizens, and close the gaps that have helped China, Russia, and other adversaries repeatedly penetrate US government systems.
The executive order “is designed to strengthen America's digital foundation and also put the new administration as well as the country on the path to continued success.”
Hanging over Biden's directive is the question of whether President-elect Donald Trump will continue any of these initiatives after he is sworn into office on Monday. None of the high-tech projects set out in the order are partisan in nature, but Trump's advisers may prefer different approaches (or timetables) to address the problems the order identifies.
Trump has not yet named any of his top cyber officials, and Neuberger said the White House did not discuss the order with his transition staff, “but we are very pleased, as soon as the new cyber group is named, to have any discussion during this final transition period.”
The core of the executive order is a series of mandates aimed at protecting government networks based on lessons learned from recent major incidents, specifically security lapses by federal contractors.
The order requires software vendors to submit evidence that they follow secure development practices, building on a mandate that was launched in 2022 in response to Biden's first cyber executive order. The Cybersecurity and Infrastructure Security Agency will be tasked with thoroughly examining these security certifications and working with vendors to fix any issues. To enforce the requirement, the White House Office of the National Cyber Director “is encouraged to refer unconfirmed endorsements to the Attorney General” for investigation and potential prosecution.
The order gives the Department of Commerce eight months to evaluate the cyber practices most commonly used in the business community and issue guidance based on them. Soon after, those practices will become mandatory for companies wanting to do business with the government. The directive also initiates updates to the National Institute of Standards and Technology's guidelines for secure software development.
Another part of the directive focuses on protecting cloud platform authentication keys, the compromise of which opened the door for China to steal government emails from Microsoft servers and to carry out its recent supply chain hack of the Treasury Department. The Department of Commerce and the General Services Administration have 270 days to develop guidelines on key protection, which would then have to become a requirement for cloud providers within 60 days.
To protect federal agencies from attacks based on vulnerabilities in Internet of Things gadgets, the order sets a deadline of January 4, 2027 for agencies to purchase only consumer IoT devices that carry the newly launched US Cyber Trust Mark label.