Cybersecurity, the Biden White House, and the U.S. Cyber Power of the Tachyon: Defending America’s Critical Infrastructure
The 40-page executive order unveiled on Thursday is the Biden White House’s final attempt to kickstart efforts to harness the security benefits of AI, roll out digital identities for US citizens, and close gaps that have helped China, Russia, and other adversaries repeatedly penetrate US government systems.
“Cybersecurity and defending our nation’s critical infrastructure against threats has always been a nonpartisan issue,” said Ilona Cohen, the chief legal and policy officer for cybersecurity company HackerOne.
Neuberger told reporters that the Biden team had not gone into specifics on the cybersecurity executive order with President-elect Donald Trump’s transition team in advance, as he hasn’t yet named his senior cybersecurity officials. She said that once the Trump team is in place they are open to those discussions.
Donald Trump will take the oath of office on Monday, so whether or not he will continue these initiatives remains to be seen. None of the ambitious projects ordered by Trump are partisan, but his advisers may prefer a different approach to the issues identified in the order.
Finally, the executive order will make it easier for the federal government to slap sanctions on ransomware groups who target critical infrastructure like schools and hospitals.
Biden was the target of many disruptive cyberattacks during his first few days in the White House.
“The goal is to make it more expensive and harder for criminals in China, Russia, Iran and other countries to hack, and also to show that America means business when it comes to protecting its citizens,” said Anne Neuberger, the deputy national security advisor for cyber and emerging technology.
The U.S. government is using the power of the purse defensively. Software vendors who sell to the government will have to prove they’re using secure development practices to win and keep lucrative federal contracts. Standards for verifying compliance will be developed by the National Institute of Standards and Technology, or NIST. The executive order will also enforce cybersecurity standards for buying new space systems.
Identity theft is also a part of the focus. The US government encourages industry to develop secure, privacy-protecting digital identity solutions. There’s an emphasis on vendors securely storing private cryptographic keys for identity management.
Internally, the U.S. government will require agencies to adopt quantum-resistant algorithms to protect against theft and decryption by adversaries. And the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, will be given more responsibility to hunt for known vulnerabilities across federal systems. Neuberger said they’ll have more centralized visibility.
The Biden White House is also launching a partnership with the private sector to develop tools to use artificial intelligence to better secure the energy sector, specifically by scanning for vulnerabilities and automatically suggesting potential patches.
To protect federal agencies from attacks that rely on flaws in internet-of-things gadgets, the order sets a January 4, 2027, deadline for agencies to purchase only consumer IoT devices that carry the newly launched US Cyber Trust Mark label.
Another part of the directive focuses on the protection of cloud platforms’ authentication keys, the compromise of which opened the door for China’s theft of government emails from Microsoft’s servers and its recent supply-chain hack of the Treasury Department. Commerce and the General Services Administration have 270 days to develop guidelines for key protection, which would then have to become requirements for cloud vendors within 60 days.
Trump hasn’t named any of his top cyber officials, and Neuberger said the White House didn’t discuss the order with his transition staff, “but we are very happy to, as soon as the incoming cyber team is named, have any discussions during this final transition period.”