Artificial Intelligence & Machine Learning,
Encryption & Key Management,
Next-Generation Technologies & Secure Development
Administration Officials Highlight Bipartisan Nature of Executive Order
On Thursday, the Biden administration plans to unveil a significant executive order aimed at leveraging federal purchasing power to enhance cybersecurity across the private sector. This directive is intended to compel technology vendors to adhere to stricter cybersecurity protocols, including demonstrating secure development practices.
The proposed order utilizes the federal government’s inherent advantage as the globe’s largest buyer of goods and services, imposing stringent cybersecurity conditions on suppliers. Key among these requirements is the need for cloud computing vendors to explicitly articulate how clients can secure their cloud offerings. Notably, starting in 2027, federal agencies will be restricted to purchasing Internet of Things (IoT) devices that bear a certification from a recently established Federal Communications Commission (FCC) cybersecurity labeling initiative.
“Our objective is to make it more difficult and costly for adversaries like China, Russia, Iran, and ransomware actors to execute cyberattacks,” stated Deputy National Security Advisor Anne Neuberger during a Wednesday briefing. This sentiment underscores a shift towards proactive measures in the realm of cybersecurity policy.
In her remarks, Neuberger indicated that the executive order was tailored to align with the anticipated cost-cutting focus of the incoming Trump administration. The order aims not only to streamline federal operations and reduce inefficiencies but also to expedite the implementation of secure digital identities for American citizens.
Concerns persist that the incoming Trump administration may dismantle initiatives established during Biden’s tenure. Nevertheless, Neuberger reassured that the order addresses “consensus-driven goals” that could span political lines. Biden’s cybersecurity officials have yet to engage in direct discussions with the Trump team, given the latter’s delayed announcement of their cybersecurity appointments.
Throughout Biden’s presidency, administration efforts have centered on promoting secure coding standards, leading to engagements with tech industry leaders about incorporating robust security features in product design. This executive order represents a significant shift from voluntary compliance to mandated regulations for a segment of the technology providers engaging with federal entities.
The requirements for space system procurement will be even more rigorous, demanding evidence of secure hardware as well as software practices from contractors. Additionally, the executive order enhances the government’s capacity to impose sanctions on cybercriminals who target vital infrastructure, including healthcare facilities, and establishes initiatives to promote digital identities aimed at mitigating identity theft risks.
To address emerging threats from quantum computing, federal agencies will be obligated to integrate quantum-resistant key establishment methods to fortify government communications against future decryption attempts. Lastly, a public-private collaboration will be initiated to leverage AI technologies for bolstering cybersecurity within critical infrastructure sectors, particularly in energy.
