Article contributed by Brian Rushton-Phillips | Photo: Getty Images
President Biden signed an executive order intended to boost the privacy of Americans amid continued cyberattacks against the U.S.
“Adversary countries, and criminals have increasingly targeted the U.S. government, corporations, and individual Americans, with cyberattacks that disrupt critical services, businesses, and individual lives, costing billions of dollars, as well as damages,” a senior administration official told reporters on a call previewing the order.
The executive order outlines a set of measures to assist the federal government in protecting against cyber attacks that jeopardize the privacy of Americans' digital identities.
The National Security Council (NSC) noted that the U.S. is unique among major economies regarding its digital identity infrastructure. According to the NSC, Americans face approximately $56 billion in fraud annually.
A portion of the executive order will ease the criteria for sanctions imposed by the U.S. government to penalize cyber attackers.
“The goal is to make it costlier, and harder for China, Russia, Iran, [North Korea], and ransomware criminals to hack, and to also signal that America means business when it comes to protecting our nation, from our economy, and employment, to infrastructure, and innovation,” the administration official said, adding later, “It means more tools to publish them, to publicly name, sanction, and penalize these individuals, whether they’re working independently, or for [a] foreign government.”
The order will also accelerate the deployment of private-sector technology to enhance government efficiency and minimize fraud.
It encourages the adoption of "privacy-preserving digital identity documents," such as mobile driver licenses, and the initiation of an early-warning fraud pilot to alert Americans about potential fraud incidents related to their public benefits and payments, according to the NSC.
Additionally, it sets new standards for software providers working with the U.S. government. This comes just weeks after the Treasury Department informed lawmakers that Chinese state-sponsored actors breached the agency early last month, stealing a key from a third-party software service provider.
Building on Biden’s initial cyber executive order, which mandated federal agencies to adopt new practices to safeguard against cyberattacks, the order aims to advance this objective by promoting the use of modern technologies that are resistant to phishing within federal agencies.
It will also enhance the visibility of attack activities across government agencies, enabling the Cybersecurity and Infrastructure Agency (CISA) to perform its duties more effectively.
“If we find one particular technique that a foreign government has used to hack one particular federal agency, this now tasks CISA, and invites CISA centralized visibility to [threat] hunt, across all agency systems, to ensure we’re defending against this attack broadly,” the administration official said.
Moreover, the order will expedite the advancement, and application of artificial intelligence (AI), alongside further exploration of AI-driven cybersecurity solutions, and post-quantum technologies. This aspect mirrors Biden’s national security memorandum from last October, which urged government agencies to leverage cutting-edge AI systems, to enhance national security.
The order also highlights the need to safeguard space-based systems, referencing the destruction caused by Russia’s assault on Ukraine’s military satellite communications system, prior to its 2022 invasion.
Software Supply Chain Security: This initiative mandates that software providers submit attestations of secure development practices in a machine-readable format, which the Cybersecurity and Infrastructure Security Agency must validate within 90 days.
Federal Cybersecurity Enhancements: Implements enhanced endpoint detection and response (EDR) tools, authentication methods resistant to phishing, and revised cloud security protocols, with a 120-day deadline for implementation.
Quantum-Resistant Cryptography: Establishes an objective for federal agencies to shift to post-quantum cryptographic standards by 2030, requiring "detailed plans" to be provided within 90 days.
AI for Cyber Defense: Initiates efforts to employ artificial intelligence to enhance cybersecurity, especially in vital infrastructure areas such as energy, with pilot programs set to commence within 180 days.
Cybersecurity in Space: Mandates improved security measures for space systems and ground stations to tackle emerging threats, with agency evaluations and updates to cybersecurity standards required within 180 days.
Open Source Software Management: Advises agencies to implement optimal practices for utilizing and safeguarding open source software, with guidelines to be provided within 120 days.
New Requirements for Vendors: Requires federal contractors to adhere to basic cybersecurity standards and introduces a "Cyber Trust Mark" for consumer Internet-of-Things devices, with a 240-day deadline for implementation.
Numerous foreign adversaries executed hacking operations in the U.S. last year, heightening concerns about the nation’s capacity to defend against such threats. Among these was the unprecedented “Salt Typhoon” operation, where China-backed actors infiltrated over half a dozen telecom companies in the U.S.
Some of those targeted in the Salt Typhoon hacks were involved in governmental or political activities, as officials disclosed earlier this year. Although the exact number of targets remains undisclosed, President-elect Trump, and Vice President-elect Vance were reportedly among those whose phones were targeted.
This eagerly awaited order arrives at the close of the Biden administration and follows two AI-related directives issued by the president earlier this week.
For more cybersecurity insights, follow Cyderes on LinkedIn and X.