U.S. President Joe Biden (left) and U.S. Secretary of State Antony Blinken speak on the ceasefire agreement between Israel and Hamas in the Cross Room of the White House in Washington, U.S., Wednesday, Jan. 15, 2025. Israel and Hamas agreed to a ceasefire that would at least temporarily halt the war in Gaza, which has killed tens of thousands of people over the past 15 months and caused wider turmoil in the Middle East.
Aaron Schwartz | Sipa | Bloomberg | Getty Images
The Biden administration announced a cybersecurity executive order on Thursday that imposes new standards on companies that sell to the U.S. government and calls for greater disclosure by software vendors.
The White House intends to introduce new policies “to strengthen America's digital foundation,” Anne Neuberger, deputy national security adviser for cybersecurity and emerging technologies, said during a briefing with reporters Wednesday.
In recent years, cyberattacks have caused increasing disruptions to federal agencies and businesses.
Attackers launched ransomware attacks on Change Healthcare, the operator of the Colonial Pipeline, and the Ascension health care system. And Microsoft stated in 2023 that Chinese attackers had compromised the email accounts of U.S. government officials, prompting the release of a critical federal report and a series of changes at the software manufacturer.
The statement says companies selling software to the U.S. government will have to demonstrate that their programming practices are safe. “There will be evidence that we will post on the government website for all software users to use,” Neuberger said.
The General Services Administration will need to establish policies that force cloud service providers to publish information to customers on how to operate safely.
As a result of the executive order, companies selling products and services to the U.S. government must follow a new set of security practices.
Last week the White House announced the US Cyber Trust Mark, which helps consumers rate internet-connected devices. The executive order states that, starting in 2027, the U.S. government will purchase such products only if they are labeled.
The order also directs the National Institute of Standards and Technology to develop guidelines for handling software updates. In late 2020, hackers gained access to Microsoft and U.S. Department of Defense systems by targeting updates to SolarWinds Orion software.
It is unclear whether President-elect Donald Trump's new administration will uphold the executive order. Biden's cybersecurity officials have not met with people who will work for Trump.
“We haven't talked about it, but we are very happy that as soon as the new cybersecurity team is established, we will of course have any discussions during the final transition period,” Neuberger said.
