On January 16, the White House released an Executive Order (EO) covering multiple cybersecurity domains, such as software security, Artificial Intelligence (AI), and post-quantum cryptography. This is a continuation built on the foundation of Executive Order 14028 of May 12, 2021 – Improving the Nation’s Cybersecurity.
The latest EO “is designed to strengthen America’s digital foundations and also put the new administration and the country on a path to continued success,” Anne Neuberger, Biden’s deputy national security adviser for cyber and emerging technology, told reporters earlier this week.
Some of the key enhancements from this new EO include:
- Expanded coverage into emerging threats such as AI, and quantum computing
- Insights into advancing software security standards and practices
- More specific guidance on actions and timelines, creating an immediate sense of urgency and accountability
- Promotion of of new AI-based tools for cyber defense and “post-quantum cryptographic” algorithms to resist attacks leveraging quantum computing capabilities
The EO states that, “Adversarial countries and criminals continue to conduct cyber campaigns targeting the United States and Americans, with the People’s Republic of China presenting the most active and persistent cyber threat to the United States Government, private sector, and critical infrastructure networks. These campaigns disrupt the delivery of critical services across the Nation, cost billions of dollars, and undermine Americans’ security and privacy. More must be done to improve the Nation’s cybersecurity against these threats.”
The White House’s message to both the public and private sector is clear: that the threats from foreign adversaries are more dire than ever.
Malicious criminals continue to target the United States Government, corporations, and individual Americans with cyberattacks. They disrupt critical services, businesses and individual lives, costing billions of dollars and harming national security. This capstone executive order is the result of a review of how these attacks occurred, and was released to help us understand how to better protect and secure these systems and stay ahead of threats. As a result, it will be riskier, costlier, and harder for bad actors to conduct future attacks.
The EO contains 9 sections requiring actions from 52 agencies over the next few years in the following areas:
- Policy
- Operationalizing Transparency and Security in Third-Party Software Supply Chains
- Improving the Cybersecurity of Federal systems
- Securing Federal Communications
- Solutions to Combat Cybercrime and Fraud
- Promoting Security with and in Artificial Intelligence
- Aligning Policy to Practice
- National Security Systems and Debilitating Impact Systems
- Additional Steps to Combat Significant Malicious Cyber-Enabled Activities
Two of the specific initiatives in the EO to highlight are software security and AI.
Initiative 1: Making Software More Secure – for Americans, Companies, and the Federal Government
Russia and China conduct cyber attacks by exploiting numerous vulnerabilities in the software Americans use every day. This EO will put $100 billion of annual government IT procurement