Last week former President Joe Biden issued an executive order aimed at strengthening U.S. cybersecurity and making it easier to go after foreign adversaries or hacking groups that try to compromise U.S. internet and telecommunication systems. Provisions in the order call for the development of minimum cybersecurity standards for government technology contractors and require that contractors submit evidence that they’re complying with the rules.
The order also requires federal agencies to improve cybersecurity to protect against the threat posed by powerful quantum computers, which cyber experts say could be used to easily break into many systems. The order is expected to receive bipartisan support as the Trump administration takes control.
According to James Yeager, VP of Public Sector at Abnormal Security, “Biden’s Executive Order puts a large focus on AI use for cyber defense – no surprise, given AI’s powerful potential to better anticipate and mitigate national security threats. However, limiting the program to the Pentagon (as outlined in the EO summary) is disconcerting. It’s potentially a missed opportunity to additionally support the Executive Branch and FCEB (Federal Civilian Executive Branch) agencies, many of which are on the frontlines of grappling with increasingly sophisticated and targeted cyberattacks.”
FCEB includes the Department of Energy, Department of Transportation and several other cabinet-level entities.
Yeager also stated that “the EO’s proposed establishment of working groups to conduct more threat hunting and EDR (endpoint detection and response) in federal networks is encouraging. But threat hunting goes hand in hand with visibility, and it will be interesting to see what guidance CISA releases around how visibility is defined and promoted.
“I think there is an opportunity here to open up the aperture when it comes to defining ‘visibility.’ For example, email continues to be the number one threat vector facing organizations today, and is the root cause of the vast majority of federal incidents and breaches. Expanding visibility into systems like email could be a necessary precursor for conducting effective threat hunting in federal networks.
“Lastly, the push for digital identity documents and validation services promises enhancements to the process of applying for public benefits, but comes with potential risks. Public sector organizations may need to prepare for spikes in identity-based fraud, for example, and figure out how they protect a deluge of PII from being exploited by adversaries.”
Kevin Bocek, senior vice president at CyberArk, added, “First off, it’s interesting to note that the document calls out China several times as the most active adversary. The outgoing administration is clearly making a statement both to the Chinese and to the incoming administration: the U.S. is not ready to tolerate continued Chinese attempts to breach federal networks and U.S. telecommunications systems.
“This represents a possible sea change in the Chinese-U.S. cyber relationship and beyond. The order also shows an urgency to protect the software supply chain, calling for directives for software providers that support critical government services to ensure secure software development practices. This push for supply chain security and certification will impact the development of AI and require that the same security controls apply there. This is huge since the impact and requirements to secure the entire software supply chain will affect commercial software from mobile apps to enterprise software.
“Another important section seeks better protection of the internet by calling for the authentication of every piece of software and machine that runs the digital economy. The need for machine identity security is real and urgent: the order directs standards that secure the identities that run secure access, like digital certificates and access tokens — all of which have come under recent attack and are often poorly secured.
“Finally, the order acknowledges that post-quantum cryptography readiness is here, and the time for implementing hybrid security — applying both classical and quantum-resistant cryptography — is now. We must assume the adversary is capturing our communications and will have capabilities in the near future to decrypt them.”