Four days before leaving office, President Joe Biden issued a comprehensive executive order containing 40 pages of directives aimed at enhancing federal cybersecurity protocols, regulating the use of artificial intelligence (AI), and addressing monopolistic practices, particularly targeting Microsoft’s market influence.
This executive order serves as a crucial measure to reinforce the U.S. government’s digital security infrastructure. It aims to rectify vulnerabilities that have previously allowed adversaries such as China and Russia to penetrate U.S. governmental systems repeatedly.
According to Anne Neuberger, Biden’s deputy national security adviser for cyber and emerging technology, the directive is intended to fortify America’s digital foundations while positioning both the administration and the nation for future success.
However, uncertainty lingers regarding the commitment of president-elect Donald Trump to uphold any of these initiatives once he assumes office. Although the order outlines several non-partisan efforts, Trump’s administration may approach the issues differently.
Central to the executive order are mandates designed to protect government networks by leveraging insights gained from recent cybersecurity breaches, particularly those involving federal contractors. It requires software vendors to prove adherence to robust development practices—a continuation of a requirement established in a previous Biden cyber executive order. The Cybersecurity and Infrastructure Security Agency (CISA) is tasked with validating these security assertions and resolving any uncovered issues, with the potential for issues to be escalated to the Attorney General.
The order also instructs the Department of Commerce to evaluate prevalent cyber practices in the business sector and develop corresponding directives within eight months, which will become mandatory for entities seeking government contracts. Additionally, it initiates updates to the National Institute of Standards and Technology’s secure software development guidance.
Another critical focus of the order is improving the security of cloud platforms, especially concerning authentication keys. This measure follows incidents where compromised keys led to significant breaches, including the theft of government emails by hackers linked to China. The Commerce Department and General Services Administration are tasked with establishing guidelines for key protection, which will then be enforced as requirements for cloud vendors.
To combat potential vulnerabilities linked to Internet of Things (IoT) devices, a deadline of January 4, 2027, has been set for federal agencies to acquire only consumer IoT devices with the newly launched U.S. Cyber Trust Mark.
Further enhancing cybersecurity measures, the order mandates CISA gain direct access to security operations from other agencies, facilitating better monitoring for intrusions, which were prominently highlighted in incidents like the SolarWinds hack.
The order also emphasizes the dual-use nature of AI in enhancing cybersecurity. It calls on the Departments of Energy and Homeland Security to initiate pilot programs utilizing AI for protecting energy infrastructure and requires the Department of Defense to explore advanced AI applications for cyber defense.
Biden’s plan also includes pushing for the adoption of digital identity documents to improve citizen services and reduce fraud, with a timeline for actions to be taken by Commerce.
Additionally, the executive order features provisions aimed at enhancing the security of open-source software and updating contracting procedures for space systems. It also emphasizes the importance of post-quantum cryptography and encryption standards across critical communication platforms, subtly pointing to existing concerns regarding Microsoft’s significant control over the IT market.
Lastly, the directive simplifies the process for imposing sanctions against individuals responsible for cyberattacks on U.S. critical infrastructure, thereby strengthening the government’s response to cyber threats.
