U.S. President Joe Biden speaks during a media briefing in the Oval Office at the White House on January 10, 2025 in Washington. (Reuters/Elizabeth Frantz)
By AJ Vicens | Reuters

A new executive order from President Joe Biden, to be published in the coming days, calls for tougher cybersecurity standards for federal agencies and contractors, according to a draft of the order seen by Reuters. It will also pursue reforms designed to combat cybercrime operations.

The order is set to take effect in the closing days of Biden’s presidency, which has seen several high-profile, Chinese-linked hacks, according to US government and cybersecurity research groups. The alleged activity has targeted critical infrastructure, government emails, major telecom firms and most recently the US Treasury Department. Beijing has rejected these allegations.

Biden’s proposal calls for stricter standards for secure software development, the ability to verify that those standards have been met, and a Cybersecurity and Infrastructure Security Agency (CISA) review process, according to the draft.

Vendors have to provide secure software development documentation for testing and certification by CISA through the agency’s software attestation program. Confirmations that “fail to be verified” could be referred to the attorney general for “appropriate action,” according to the draft.

Tom Kellerman, senior vice president of cyber strategy at the cybersecurity company Contrast Security, said the certification provisions don’t go far enough but that he “appreciates” the efforts to push for more secure software development. Given the immediate threats from China, Russia and powerful cybercriminal syndicates, he said the implementation timelines set by the order seemed “arbitrary.”

“They’re already here,” Kellerman said. “We are literally dealing with an insurgency in critical infrastructure and US government agencies that has been influenced by the Russians and the Chinese.”

The order also mandates the development of guidelines for securely managing access tokens and cryptographic keys used by cloud providers. Microsoft said at the time that Chinese-linked hackers abused the method in May 2023 to gain access to email accounts used by top US government officials.

Brandon Wells, vice president of cybersecurity strategy at cybersecurity company SentinelOne and formerly a top CISA official, told Reuters that the order built on work in progress over the last five years to build capabilities and get the right authorities and funding. While the threat from China looms large (an “accelerating threat” that is “immediately drawing attention and focus to the government”), the U.S. government and private sector face many threats that need to be addressed.

“It makes sense to continue to look for ways to get the most value out of the capabilities created over the past two administrations,” Wells said.

The White House declined to comment and CISA did not respond to a request for comment.

Reporting by AJ Vicens in Detroit; editing by Matthew Lewis
