Biden’s Final Cybersecurity Order Will Encounter Political Challenges

As the Biden administration approaches its conclusion, it is poised to release an executive order intended to enhance national cybersecurity and respond to Chinese cyber threats. Experts, however, express skepticism regarding the initiative’s viability, given its last-minute timing just before the presidential transition.

The draft order, obtained by Information Security Media Group, aims to further empower the Cybersecurity and Infrastructure Security Agency (CISA) as the principal federal agency responsible for civilian cybersecurity. Expected provisions include imposing software attestation requirements on government contractors, instituting additional protections for artificial intelligence systems, and laying the groundwork for post-quantum cryptography strategies. Anne Neuberger, Deputy National Security Director for Cybersecurity, emphasized that the goal is to provide a robust framework for the incoming administration to build upon.

While initially anticipated for an early release, sources now suggest that the order may be unveiled next week, slightly delaying its potential implementation. Insider accounts reveal a palpable tension between the current and incoming administrations regarding the direction of CISA, which has faced substantial Republican criticism for its role in election security and efforts to mitigate misinformation.

With Republicans poised to gain influence, there are indications of significant revisions to CISA’s mandate, which could include budget reductions and a redefined mission. A former CISA official noted that the acceptance of this executive order is likely contingent upon its political reception, with speculation that President-elect Donald Trump may reject it upon taking office due to its origins.

The draft order instructs the Office of Management and Budget to produce guidelines on overseeing federal information resources, specifically addressing risks associated with IT vendors. Additionally, it mandates the National Institute of Standards and Technology to revise security requirements for cloud service providers utilized by federal agencies.

Another focus of the draft is digital identity, promoting wider federal adoption of services such as mobile driver’s licenses, advocating for improved document interoperability through state funding, and implementing stricter data minimization and security practices.

There are concerns among officials and private sector collaborators about the Biden administration preemptively moderating the executive order to increase its chances of acceptance. They argue that some established guidelines, such as enhancing endpoint security and bolstering threat detection via federal CIO and CISO councils, may not constitute substantial reforms, but rather seem like routine adjustments.

According to individuals involved in the drafting, the future of national cybersecurity strategies under the forthcoming Trump administration remains uncertain. The complexities surrounding this transition and the political landscape suggest that the path forward for cybersecurity initiatives in the United States may require significant recalibration, compelling business leaders to remain vigilant and adaptable in the face of evolving cyber threats.