President Joe Biden is calling for tighter cybersecurity standards for federal agencies and contractors in a new executive order expected to be published in the coming days. This initiative comes in response to repeated Chinese-linked cyber operations and other cybercriminal activities, as outlined in a draft seen by Reuters.
This executive order, set to be one of Biden’s final moves in office, addresses multiple high-profile breaches targeting critical infrastructure, government emails, telecom firms, and, most recently, the U.S. Treasury Department. While Beijing has denied involvement, U.S. authorities and cybersecurity groups have linked the activity to Chinese hackers.
Key Highlights of the Executive Order
- Secure Software Development Standards:
- Vendors must provide documentation proving their software adheres to secure development practices.
- The Cybersecurity and Infrastructure Security Agency (CISA) will evaluate and validate these attestations through its software attestation program.
- Failure to meet standards could result in referrals to the Attorney General for appropriate action.
- Addressing Critical Vulnerabilities:
- The order emphasizes managing access tokens and cryptographic keys securely—a direct response to Chinese-linked hackers exploiting these weaknesses to access U.S. government email accounts in 2023.
- Strengthened Federal Cybersecurity:
- Federal agencies are required to adopt technologies and tools certified under strict cybersecurity guidelines, ensuring enhanced resilience against cyber threats.
Expert Opinions
Tom Kellermann, Senior Vice President of Cyber Strategy at Contrast Security, praised the move but noted that the timelines for implementation could be faster given the immediacy of threats from China, Russia, and cybercriminal groups. “We are dealing with an insurgency across critical infrastructure and government agencies,” he stated.
Brandon Wales, Vice President of Cybersecurity Strategy at SentinelOne and a former CISA official, highlighted the progress made over the past five years. He commended the focus on leveraging existing capabilities to address a range of evolving cyber threats.
A Legacy of Cybersecurity
As cyberattacks grow in frequency and sophistication, Biden’s executive order aims to set a solid foundation for national cybersecurity. The initiative not only targets immediate threats but also focuses on long-term solutions by integrating advanced technologies like artificial intelligence and secure cloud management practices.
By prioritizing robust cybersecurity measures, the U.S. government is taking a decisive stand against state-sponsored hacking and cybercriminal activities. This comprehensive strategy underscores the need for secure systems to protect critical infrastructure and national security for years to come.