The Biden administration is taking swift action to finalize an executive order aimed at strengthening U.S. cybersecurity in the final months of its term. The executive order, which has passed internal hurdles and is nearing publication, comes in response to a series of significant cyberattacks during the administration, including the recent Treasury Department breach attributed to a Chinese hacking group known as Silk Typhoon. This executive order seeks to address these incidents by implementing more robust measures to protect government communications and data.
One of the key elements of the executive order is the mandate for stronger identity authentication and encryption protocols across government systems. In the December Treasury breach, attackers gained access to unclassified documents stored on local laptops and desktops. The order proposes encrypting information sent via email and stored in the cloud to prevent unauthorized access even when hackers infiltrate government systems. This measure aims to safeguard sensitive data from being exposed during such breaches.
Additionally, the draft executive order outlines guidelines to better secure cryptographic keys used by cloud software contractors. These keys would be stored in hardware security modules (HSMs), which are physical devices designed to protect digital keys. The order also focuses on holding federal contractors accountable for how they manage access to systems and ensure cybersecurity hygiene, such as enforcing the use of multi-factor authentication and complex passwords, to reduce vulnerabilities in government software.
While the order is designed to address immediate security challenges, its future remains uncertain with President-elect Donald Trump’s stance on federal regulation. Trump has expressed intentions to reduce federal oversight and may potentially repeal or revise certain orders from the Biden administration, including those relating to cybersecurity. As a result, it remains unclear whether the executive order will be upheld or modified after the transition to the next administration.
