Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
US President Joe Biden, left, and US Secretary of State Antony Blinken talk about the ceasefire agreement between Israel and Hamas, in the Cross Hall of the White House in Washington, DC, US , on Wednesday, January 15, 2025. Israel and Hamas agreed to a cease-fire deal, bringing at least a temporary halt to the war in Gaza that has killed tens of thousands of people in the last 15 months. and it touched a wider ripple throughout the Middle East.
Aaron Schwartz | Know | Bloomberg | Getty Images
The Biden administration on Thursday announced an executive order on cybersecurity that imposes new standards for companies that sell to the US government and demands greater disclosure from software providers.
The White House is looking to put in place new rules “to strengthen America’s digital foundation,” Anne Neuberger, deputy national security adviser for cybersecurity and emerging technology, said in a briefing with reporters on Wednesday.
Cyberattacks have caused an increasing number of disruptions in federal agencies and companies in recent years.
Attackers launched ransomware attacks on Change Healthcare, the operator of the Colonial Pipeline and the Ascension healthcare system. And Microsoft reported in 2023 that Chinese attackers broke into the email accounts of US government officials, prompting a critical federal report and a series of changes to the software manufacturer.
Companies that sell software to the US government must demonstrate that their development practices are secure, according to a statement. There will be “evidence that we publish on a government website for all users of the software to benefit from,” Neuberger said.
The General Services Administration should establish a policy that makes cloud providers publish information to customers about how to operate safely.
Companies that sell products and services to the US government must adhere to a new set of security practices as a result of the executive order.
Last week the White House announced the US Cyber Trust Mark label to help consumers evaluate Internet-connected devices. The executive order says the US government will only buy such products if they carry the label, starting in 2027.
The order also directs the National Institute of Standards and Technology to come up with guidance for managing software updates. By the end of 2020, hackers had access to Microsoft systems and the US Department of Defense from target updates to SolarWinds‘The Orion software.
It is not clear whether the president-elect Donald TrumpThe new administration maintains the executive order. Biden’s cybersecurity officials have not met with those taking the job for Trump.
“We haven’t discussed it, but we’re very happy to, as soon as the incoming cyber team is named, of course, have discussions during this final transition period,” Neuberger said.
