Biden’s Executive Order Targets Cybersecurity, AI, and Critical Infrastructure

The Biden administration’s new cybersecurity executive order introduces stringent measures to strengthen national security and protect critical infrastructure.

Published: Jan 20, 2025


Key Takeaways:

  • Software vendors selling to the US government must prove secure development practices.
  • The executive order prioritizes AI to enhance cybersecurity, including protecting energy infrastructure.
  • Other new measures include minimum cybersecurity standards for federal contractors and IoT devices.

The Biden administration issued a new cybersecurity executive order (EO) on January 16, 2025. This directive introduces stringent standards for software companies working with the US government and mandates greater transparency from providers to bolster national digital security.

The 40-page executive order signed by the Biden administration on Thursday addresses multiple cybersecurity concerns. These include requiring software providers to develop more secure products, harnessing AI to boost cyber defense capabilities, issuing strict sanctions for ransomware groups, and securing federal communications networks against foreign entities.

Specifically, the executive order requires software vendors that sell products and services to the US government to submit proof that they follow secure software development practices. The Cybersecurity and Infrastructure Security Agency (CISA) will be required to double-check these security attestations within 90 days. These companies will be required to adhere to a new set of security practices.

Additionally, the order directs the National Institute of Standards and Technology to offer guidance on securely deploying software updates and patches. It also directs federal agencies to issue recommendations on using and securing open-source software.

Biden’s cybersecurity plan proposes strengthened authentication, AI-powered defense, and more

Biden’s directive requires federal agencies to use phishing-resistant authentication standards like WebAuthn. It directs CISA, the Department of Defense, and Homeland Security to accelerate the detection and identification of new security threats before they spread across government networks. The executive order also requires federal agencies to migrate to post-quantum cryptographic standards by 2030. The agencies will be required to submit detailed migration plans within 90 days.

According to the executive order, artificial intelligence (AI) must be deployed to bolster US cyber defenses. It focuses on launching new initiatives to protect critical infrastructure like energy, and the pilot programs are expected to begin within 180 days. The order also asks government agencies to enable transport encryption by default across instant messaging, email systems, and voice and video conferencing platforms.

Lastly, the directive asks federal agencies to implement enhanced protections for ground stations and space systems to address emerging threats. Other provisions in the order include establishing a “Cyber Trust Mark” for consumer Internet-of-Things devices and mandating minimum cybersecurity practices for federal contractors.
