Four days before leaving office, US president Joe Biden has issued a cybersecurity directive ordering improvements to the way the government monitors networks, buys software, uses artificial intelligence, and punishes foreign hackers. The latest effort by the Biden White House to begin efforts to harness the security benefits of AI, launch a digital identity for US citizens, and close the gap that has helped. China, Russia, and other adversaries have repeatedly penetrated US government systems. The order is “designed to strengthen America’s digital foundation while also putting the new administration and the country on a path to continued success,” said Anne Neuberger, Biden’s deputy national security adviser for cyber. and emerging technologies, he told reporters on Wednesday. Above Biden’s directive is the question of whether president-elect Donald Trump will continue the initiative after he takes the oath of office on Monday. None of the technical projects specified in the order are partisan, but Trump’s advisers may prefer a different approach (or schedule) to solving the problems identified by the order. The House did not discuss the order with the transition staff, “but we are very excited, as soon as the incoming cyber team is named, to have discussions during this final transition.” -namely, federal contractor security failures. The order requires software vendors to submit evidence that they follow secure development practices. , building on the mandate that begins in 2022 in response to Biden’s first cyber executive order. The Cyber Security and Infrastructure Agency will be tasked with double-checking these security credentials and working with vendors to fix issues. To put some teeth in the requirement, the White House’s Office of the National Cyber Director is “recommended to refer testimony that fails to validate to the Attorney General” for investigation and potential prosecution. cyber practices that are commonly used in the business community and issue guidance based on them. Soon, the practice will become mandatory for companies looking to do business with the government. The directive also initiates an update to the Institute of Standards and Technology’s secure software development guidance. Another part of the directive focuses on the protection of cloud platform authentication keys, a compromise that opens the door to the theft of Chinese government emails from Microsoft. server and a new supply chain hack from the Department of Finance. The Commerce and General Services Administration has 270 days to develop guidelines for key protection, which must then become a requirement for cloud vendors within 60 days. set January 4, 2027, the deadline for agencies to purchase only consumer IoT devices that carry the newly launched US Cyber Trust Mark label.
