A new executive order was signed by Biden
The 2016 Presidential Cyber Security Executive Order and the Challenge of the U.S. to Counterattack Cyber Crime in the Era of HackerOne
Cohen said that they were encouraged by the order’s recognition of the potential for artificial intelligence to enhance security and its focus on management of vulnerabilities. “We encourage the Trump administration to advance the order’s provisions, particularly those aimed at staying ahead of China on security by using AI.”
HackerOne’s Ilona Cohen said cybersecurity and defending our nation’s critical infrastructure has always been a nonpartisan issue.
Neuberger said that the Biden team hadn’t gone into detail on the executive order with Donald Trump’s transition team because he hadn’t named his senior cybersecurity officials. When the Trump team is in place, they will be open to those discussions.
Will Donald Trump continue any of these initiatives after he is sworn in as president on Monday? There are no partisan projects in the order, but that doesn’t mean Trump’s advisers prefer different approaches or timetables to solve the problems.
Finally, the executive order will make it easier for the federal government to slap sanctions on ransomware groups who target critical infrastructure like schools and hospitals.
The Biden administration was able to find new ways to confront the spies. Theyclawed back the ill-gotten gains by targeting the wallets. They published detailed indictments zeroing in on individual hackers from across the globe. They shut down botnets and deleted malicious code off infected devices, to name a few examples.
“The goal is to make it costlier and harder for China, Russia, Iran and ransomware criminals to hack, and to also signal that America means business when it comes to protecting our businesses and our citizens,” said Anne Neuberger, Biden’s outgoing Deputy National Security Advisor for Cyber and Emerging Technology, during a call with journalists.
The order gives the Department of Commerce eight months to assess the most commonly used cyber practices in the business community and issue guidance based on them. Shortly thereafter, those practices would become mandatory for companies seeking to do business with the government. The directive kicks off new updates to the National Institute of Standards and Technology.
Identity theft is a focus of the fight. The U.S. government is pushing industry to develop secure, privacy-protecting digital identity solutions. There’s an emphasis on storing private keys that are not public.
The U.S. government will require agencies to protect against theft and break-ins. And the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, will be given more responsibility to hunt for known vulnerabilities across federal systems. They’ll have more “centralized visibility,” said Neuberger.
The Biden White House is also launching a partnership with the private sector to develop tools to use artificial intelligence to better secure the energy sector, specifically by scanning for vulnerabilities and automatically suggesting potential patches.
To protect federal agencies from attacks that rely on flaws in internet-of-things gadgets, the order sets a January 4, 2027, deadline for agencies to purchase only consumer IoT devices that carry the newly launched US Cyber Trust Mark label.
Another part of the directive focuses on the protection of cloud platforms’ authentication keys, the compromise of which opened the door for China’s theft of government emails from Microsoft’s servers and its recent supply-chain hack of the Treasury Department. Within 60 days, guidelines for key protection will need to be developed by the Commerce and the General Services Administration.
Neuberger said the White House had not discussed the order with his staff, but they were happy to discuss it when the incoming cyber team is named.
