Nandini Roy Choudhury, writer
Brief news
- Vice President Joe Biden’s administration announced an executive order on cybersecurity, requiring businesses selling to the U.S. government to enhance software security disclosures and procedures.
- The order mandates that the General Services Administration create policies for cloud service providers to ensure secure operations and introduces the U.S. Cyber Trust Mark for evaluating internet-connected devices, effective from 2027.
- The National Institute of Standards and Technology is tasked with developing guidelines for software updates, following significant cyberattacks that exploited vulnerabilities in software like SolarWinds’ Orion.
Detailed news
An executive order on cybersecurity was announced by the administration of Vice President Joe Biden on Thursday. The order establishes new rules for businesses who sell their products or services to the United States government and demands for increased disclosure from software vendors.
During a meeting with reporters on Wednesday, Anne Neuberger, who serves as the deputy national security advisor for cybersecurity and emerging technology, stated that the White House is considering the implementation of new regulations “to strengthen America’s digital foundations.”
Over the past several years, there has been a growing number of interruptions that have occurred within federal organizations and enterprises as a result of cyberattacks.
Change Healthcare, the company that operates the Colonial Pipeline and the Ascension health-care system, has found itself the target of ransomware assaults carried out by malicious actors. In addition, Microsoft announced in 2023 that Chinese hackers had gained access to the email accounts of officials working for the United States government. This led to a damning report from the federal government as well as a series of adjustments within the software company.
According to a statement, businesses that do business with the United States government and sell software will be required to provide evidence that their software development procedures are secure. According to Neuberger, there will be “evidence we post on a government website for all software users to benefit from,” and this proof will be available to everybody.
It will be necessary for the General Services Administration to formulate a policy that requires cloud service providers to offer their customers with information on how to be secure in their operations.
As a consequence of the executive order, businesses that provide goods and services to the government of the United States are required to comply with a new regulation regarding security procedures.
Consumers will be able to more easily analyze internet-connected devices thanks to the United States Cyber Trust Mark designation, which was introduced by the White House last week. According to the executive order, beginning in the year 2027, the United States government will only acquire products of this kind if they are accompanied by the designation.
In addition, the order instructs the National Institute of Standards and Technology to develop guidelines for the management of software updates. By targeting updates to SolarWinds’ Orion software, hackers were able to get access to systems belonging to Microsoft and the United States Department of Defense in the latter half of the year 2020.
There is a lack of clarity on whether or not the new administration of President-elect Donald Trump would adhere to the executive order. The officials in charge of cybersecurity for Biden have not yet met with the individuals who will be taking over the work for Trump.
According to Neuberger, “We haven’t discussed, but we are very happy to, as soon as the incoming cyber team is named, of course, have any discussions during this final transition period.” Neuberger made this statement at the end of the transition period.
Source : CNBC news
