As he prepares to leave office, President Joe Biden has just signed an executive order focused on cybersecurity. This order aims to build on the steps his administration has already taken, addressing the growing threats in cyberspace.
In these final days before President-elect Donald Trump takes office, Biden laid out specific actions to hold software and cloud service providers accountable. He wants to improve the security of U.S. government IT systems and encourage innovation while tackling malicious cyber threats from abroad. “Significant malicious cyber-enabled activities pose an unusual and extraordinary threat to national security, foreign policy, and our economy,” Biden told Congress. He stressed the urgency, saying these cyber attacks disrupt essential services, cost billions, and compromise Americans’ security.
Key elements of this order include new reporting requirements for software suppliers working with the government. The Cybersecurity and Infrastructure Security Agency (CISA) will oversee these changes, ensuring companies provide secure software development attestations. Federal agencies will be required to adopt industry best practices in identity and access management, enhancing visibility against threats and reinforcing cloud security. This includes implementing strong authentication and encryption.
Biden’s order also encourages the modernization of critical government infrastructure and enforces cyber best practices, like zero-trust security, endpoint detection and response tools, and phishing-resistant multi-factor authentication.
There’s a push to boost research at the intersection of artificial intelligence and cybersecurity, along with post-quantum encryption. Additionally, it sets forth measures to block any transfer of property in the U.S. related to individuals involved in malicious cyber activities.
Gary Barlet, the CTO for public sector at Illumio and a former CIO in the government, commented on the order, saying it presents promising initiatives that could significantly strengthen U.S. cybersecurity. Stricter software requirements and guidance on using AI in cyber defenses are particularly noteworthy. He highlighted the necessity of collaboration in making these measures effective.
However, with Biden’s term winding down, Barlet noted that the success of this executive order hinges on what the incoming Trump administration prioritizes. Trump may push for new executive orders focusing on issues that resonate with his voter base, like immigration, but it remains unclear how he will approach cybersecurity.
Anne Neuberger, deputy national security advisor for cyber and emerging technologies, mentioned that Biden’s team didn’t coordinate the contents of the EO with Trump’s transition team beforehand, though they are open to discussions once the new team is in place.
Among the potential leadership changes, Trump may appoint Sean Plankey, a cybersecurity veteran, to lead CISA. Plankey has a robust background, having held various security roles in the Department of Energy and on the National Security Council during Trump’s first term.
Neuberger expressed hope that the broad goals set out in Biden’s executive order will resonate enough to be carried forward by the next president.