By AJ Vicens

DETROIT (Reuters) – President Joe Biden is calling for tougher cybersecurity standards for federal agencies and contractors in a new executive order to be published in the coming days, pursuing reforms designed to address repeated Chinese-linked cyber operations and cybercrime operations, according to a draft of the order seen by Reuters.

The order is set to take effect in the closing days of Biden’s presidency, which has seen several high-profile, Chinese-linked hacks, according to US government and cybersecurity research groups. The alleged activity has targeted critical infrastructure, government emails, major telecom firms and most recently the US Treasury Department. Beijing has rejected these allegations.

According to the draft, Biden’s proposal calls for stricter standards for secure software development, the ability to verify that those standards are met, and for the Cybersecurity and Infrastructure Security Agency (CISA) to review the process.

Vendors must provide secure software development documentation to be tested and certified by CISA through the agency’s software attestation program. Confirmations that “fail to be verified” could be referred to the attorney general for “appropriate action,” according to the draft.

Tom Kellerman, senior vice president of cyber strategy at cybersecurity company Contrast Security, said the certification provisions aren’t high enough but he “appreciates” efforts to push for more secure software development. Given the immediate threats from China, Russia and powerful cybercriminal syndicates, he said the implementation timelines set by the order seemed “arbitrary.”

“They’re already here,” Kellerman said. “We are literally dealing with an insurgency in critical infrastructure and US government agencies that has been influenced by the Russians and the Chinese.”

The order also mandates the development of guidelines for securely managing access tokens and cryptographic keys used by cloud providers. Microsoft said at the time that Chinese-linked hackers abused the method in May 2023 to access email accounts used by top U.S. government officials.

Brandon Wells, vice president of cybersecurity strategy at cybersecurity company SentinelOne and previously a top CISA official, told Reuters that the order builds on work done over the past five years to develop capabilities and get the right authorities and funding. While the threat from China looms large, an “accelerating threat” that is “immediately drawing attention and focus to the government,” the U.S. government and private sector face many threats that need to be addressed.

“It makes sense to continue to look for ways to get the most value out of the capabilities created over the past two administrations,” Wells said.

The White House declined to comment and CISA did not respond to a request for comment.
