Fraud Management & Cybercrime,
Ransomware,
Standards, Regulations & Compliance
Final Cybersecurity Executive Order Empowers Incoming Administration
In the closing days of the Biden administration, an executive order was issued, focusing on strengthening U.S. sanctions aimed at the ransomware and hacking criminal underground, a top official from the White House disclosed. This order is positioned as a critical tool for combating a range of cyber threats.
The executive order not only broadens the sanctions capabilities of the Department of Treasury but also allows for action against individuals involved in ransomware activities, cyberattacks on critical infrastructure, and unauthorized intrusions into U.S. systems. Carrol House, Special Advisor for Cybersecurity and Critical Infrastructure Policy at the White House National Security Council, stated that this expanded authority targets complex networks that facilitate ransomware operations.
According to House, “We needed to enhance the effectiveness of our sanctions to penalize cyber actors along with those who support their malicious activities.” He emphasized the order’s intention to address the dynamic landscape of cyber threats more robustly.
As these cybercriminals evolve, their operations have become increasingly sophisticated, encompassing a wider range of criminal activities, including money laundering and the provision of illicit infrastructure. House highlighted the necessity to encompass all facets of these operations within the cybersecurity sanctions framework.
The executive order also leverages federal procurement practices to catalyze cybersecurity enhancements across the private sector and encourages the adoption of digital identity verification technologies, such as mobile driver’s licenses. This release was timed to coincide closely with a significant political transition in Washington.
The sanctions provisions, in particular, may resonate with the incoming Trump administration, which has indicated a more aggressive approach toward China, a nation implicated in numerous high-profile cyber incidents targeting U.S. federal networks and infrastructure.
Cyber threats from nation-state actors often utilize ransomware-as-a-service models to fund their espionage activities through extortion, as Jim Routh, Chief Trust Officer at Saviynt, pointed out. He noted that while sanctions are employed as a deterrent against ransomware proliferation, evaluating their effectiveness remains complex.
As part of its sweeping initiatives, Biden’s final cybersecurity order encompasses various critical actions, ranging from enhanced sanctions to an exclusive federal procurement mandate for IoT devices featuring a new cybersecurity labeling system, as indicated by the White House.
During a media briefing, Deputy National Security Advisor Anne Neuberger stated that the primary aim of this executive order is to increase the costs and barriers for adversarial nations and criminals attempting to conduct cyber operations against U.S. interests. She underscored that the order aligns with strongly bipartisan cybersecurity objectives, laying a solid groundwork for the incoming administration as it prepares to tackle national cybersecurity challenges.
