Biden’s jam-packed new executive order addresses cybersecurity, artificial intelligence, and more



Four days before leaving office, US President Joe Biden issued a sweeping cybersecurity directive ordering improvements to the way the government monitors its networks, procures software, uses artificial intelligence, and punishes foreign hackers.

The 40-page executive order unveiled Thursday is the Biden White House’s latest attempt to jump-start efforts to harness the security benefits of artificial intelligence, roll out digital identities to American citizens, and close gaps that have helped China, Russia and other adversaries repeatedly break through US government regulations.

The order is “designed to strengthen America’s digital foundations as well as position the new administration and the country for continued success,” Anne Neuberger, Biden’s deputy national security adviser for cyberspace and emerging technology, told reporters on Wednesday.

Looming large over Biden’s guidance is the question of whether President-elect Donald Trump will pursue any of these initiatives after he is sworn in on Monday. None of the high-tech projects outlined in the order are partisan, but Trump’s advisers may favor different approaches (or timelines) to solve the problems the order identifies.

Trump has not named any of his top cyber officials, and Neuberger said the White House has not discussed the matter with his transition staff, “but we are very happy to have any discussions once the next cyber team is named, during this final transition period.”

The core of the executive order is a set of mandates to protect government networks based on lessons learned from recent major incidents, namely security failures by federal contractors.

It requires software vendors to provide evidence that they follow secure development practices, building on a mandate that first appeared in 2022 in response to Biden’s first cybersecurity executive order. The Cybersecurity and Infrastructure Security Agency will be tasked with double-checking these security attestations and working with vendors to fix any issues. To put some force behind this requirement, the White House Office of the National Cyber Director “is encouraged to refer unverified testimony to the Attorney General” for possible investigation and prosecution.

The order gives the Commerce Department eight months to evaluate the cyber practices most commonly used in the business community and issue guidance based on them. Shortly thereafter, these practices will become mandatory for companies seeking to do business with the government. The directive also initiates updates to the National Institute of Standards and Technology’s secure software development guidelines.

Another part of the directive focuses on protecting cloud platform authentication keys, the compromise of which opened the door to China stealing government emails from Microsoft servers and to its recent Treasury supply chain hack. Commerce and the General Services Administration have 270 days to develop guidelines for protecting keys, which must then become requirements for cloud vendors within 60 days.

To protect federal agencies from attacks that rely on flaws in IoT tools, the executive order sets a deadline of January 4, 2027 for agencies to purchase only consumer IoT devices that carry the newly released US Cyber Trust Mark.


