The Biden administration issued an executive order on cybersecurity
The Biden administration on Thursday released an executive order on cybersecurity that imposes new standards on companies that sell to the U.S. government and calls for greater disclosures from software vendors.
The White House is seeking to introduce new rules “to strengthen America’s digital foundation,” Anne Neuberger, deputy national security adviser for cybersecurity and emerging technologies, said in a briefing with reporters on Wednesday.
Cyber attacks have caused an increasing number of disruptions within federal agencies and companies in recent years.
Attackers carried out ransomware attacks against Change Healthcare, the operator of Colonial Pipeline, and Ascension Health System. And Microsoft said in 2023 that Chinese attackers had broken into the email accounts of US government officials, prompting a critical federal report and a series of changes at the software manufacturer.
Companies that sell software to the US government will have to demonstrate that their development practices are secure, the statement said. There will be “evidence that we will publish on the government website that will benefit all users of the software,” Neuberger said.
The General Services Administration will have to set a policy that forces cloud service providers to release information to customers about how to do business securely.
Companies that sell products and services to the US government must adhere to a new set of security practices as a result of the executive order.
Last week the White House announced the US Cyber Trust Mark to help consumers evaluate Internet-connected devices. The executive order states that the US government will only buy such products if they carry the label, starting in 2027.
The order also directs the National Institute of Standards and Technology to come up with guidelines for handling software updates. In late 2020, hackers gained access to the systems of Microsoft and the US Department of Defense by targeting updates to SolarWinds' Orion software.
It is not clear whether President-elect Donald Trump's new administration will support the executive order. Biden's cybersecurity officials have not met with those who will take over the job for Trump.
“We haven’t talked, but we’re very happy that, of course, as soon as the new cyber team is named, we’ll have any discussions during this final transition period,” Neuberger said.