By AJ Vicens
DETROIT (Reuters) – President Joe Biden will publish a new executive order in the coming days demanding stricter cyber security standards for federal agencies and contractors, with reforms designed to address repeated Chinese-linked cyber operations and cyber crime operations, according to a draft of the order seen by Reuters.
The order is set to take effect in the closing days of Biden’s presidency, which has seen several high-profile, Chinese-linked hacks, according to US government and cybersecurity research groups. The alleged activity has targeted critical infrastructure, government emails, major telecom firms and most recently the US Treasury Department. Beijing has rejected these allegations.
According to the draft, Biden’s proposal calls for stricter standards for secure software development, the ability to verify that those standards are met, and for the Cybersecurity and Infrastructure Security Agency (CISA) to review the process.
Vendors must provide secure software development documentation to be tested and certified by CISA through the agency’s software attestation program. Confirmations that “fail to be verified” could be referred to the attorney general for “appropriate action,” according to the draft.
Tom Kellerman, senior vice president of cyber strategy at cybersecurity company Contrast Security, said the certification provisions aren’t high enough but he “appreciates” efforts to push for more secure software development. Given the immediate threats from China, Russia and powerful cybercriminal syndicates, he said the implementation timelines set by the order seemed “arbitrary.”
“They’re already here,” Kellerman said. “We are literally dealing with an insurgency in critical infrastructure and US government agencies that has been influenced by the Russians and the Chinese.”
The order also mandates the development of guidelines for securely managing access tokens and cryptographic keys used by cloud providers. Microsoft said at the time that Chinese-linked hackers abused the method in May 2023 to gain access to email accounts used by top US government officials.
Brandon Wells, vice president of cybersecurity strategy at cybersecurity company SentinelOne and formerly a top CISA official, told Reuters that the order built on work in progress over the last five years to build capabilities and get the right authorities and funding. While the threat from China looms large — an “accelerating threat” that is “immediately drawing attention and focus to the government” — the U.S. government and private sector face many threats that need to be addressed.
“It makes sense to continue to look for ways to get the most value out of the capabilities created over the past two administrations,” Wells said.
The White House declined to comment and CISA did not respond to a request for comment.
(Reporting by AJ Vicens in Detroit; Editing by Matthew Lewis)