
Biden Issues Executive Order to Enforce New Cybersecurity Measures and Enhance Sanctions


The executive order initiates a nationwide certification program for secure technology and reduces the requirements for imposing sanctions on cyber actors.

President Joe Biden is enacting an executive order aimed at bolstering the cybersecurity capabilities of the United States, in response to a series of significant hacks attributed to state-sponsored entities from China.

The comprehensive order issued on January 16 introduces new security standards for software utilized by government agencies and contractors, establishes a national certification program for secure technology, and lowers the criteria for imposing sanctions on harmful cyber actors.

Anne Neuberger, the deputy national security advisor for cyber and emerging technology, stated that this order will enable the U.S. to respond more effectively to harmful cyber activities from rival nations and criminal organizations.

“Adversary countries and criminals have increasingly targeted the U.S. government, corporations, and individual Americans with cyber attacks…,” Neuberger remarked during a press call on January 15.

“The objective is to make it more expensive and challenging for hackers from China, Russia, Iran, and ransomware criminals to operate, while also indicating that America is serious about safeguarding our businesses and citizens,” she added.

A fact sheet from the White House provided to The Epoch Times states that the order aims to combat “malicious countries and criminals,” while also prompting the U.S. to adopt security-focused practices that are already mandated in various other countries.

“The United States is the only major economy that lacks secure, privacy-preserving digital identity infrastructure, leaving its citizens vulnerable to a surge of cybercrime,” the fact sheet emphasized.

This executive order follows a series of significant and enduring cyber-attacks against U.S. infrastructure by state-backed hackers from China and Russia, targeting sectors such as telecommunications, satellites, energy, and transportation.

Neuberger indicated that the analysis of those significant cyber incidents has been instrumental in formulating the order.

“We’ve spent the last seven months meticulously examining each hacking incident to understand exactly how Chinese and other government-backed entities, as well as criminals, managed to penetrate our systems,” she reported.

“This final executive order stems from our review of these attacks and aims to deliver better protection and security for our systems, outpace potential threats, and increase the risks and costs to cyber attackers attempting future incursions,” she continued.

New Government Cybersecurity Requirements

The success of the order hinges on a set of new requirements for software providers collaborating with the government.

The executive order outlines minimum cybersecurity standards that must be adhered to by all companies contracting with the federal government, and mandates that software vendors demonstrate that their products were developed according to secure practices.

In addition, it tasks the Cybersecurity and Infrastructure Security Agency (CISA) with the responsibility of receiving, analyzing, and monitoring that evidence to confirm compliance with these secure development practices.

However, these new requirements are not restricted solely to those wishing to partner with the government; there is also an array of new regulations for government entities to implement.

The foremost stipulation is that all users on the federal network must utilize end-to-end encryption for all communications, including emails and video conferences.

Moreover, the order bolsters the adoption of authentication technologies designed to more effectively detect phishing attempts, which involve malicious actors seeking sensitive information or tricking federal employees into inadvertently installing malware.

Looking ahead, the order also requires that government agencies start generating encryption keys using “post-quantum cryptography” algorithms, which are anticipated to withstand code-breaking attempts from the early quantum computers expected to emerge in the coming years.

Lastly, the order lowers the threshold for the government to impose sanctions on non-state cyber actors involved in ransomware attacks against American hospitals and businesses.

“It shouldn’t matter whether they’re affiliated with a foreign government or acting for financial gain; we need to utilize sanctions effectively,” Neuberger asserted.

“We want to observe a decline in the activities of China, Russia, Iran, as well as other companies and criminals exploiting ongoing vulnerabilities in software,” she added.

New Cyber Trust Mark Certification for Consumer Products

The executive order also aims to overhaul the lax security practices prevalent in countless consumer products by introducing a national certification program for secure products.

The Cyber Trust Mark program will offer manufacturers of consumer goods, such as home security systems and baby monitors, the ability to certify that their products have been developed following secure practices. To promote adoption of these cybersecurity measures, the federal government will purchase only Cyber Trust Mark-certified devices starting in 2027.

This program will be rolled out in tandem with new initiatives aimed at encouraging secure practices within the private sector.

To support this effort, the order mandates the General Services Administration to create policies that require cloud service providers to clearly communicate how customers can secure their use of cloud products, and directs the National Institute of Standards and Technology to establish guidance on securely and reliably deploying software updates.


