The Biden administration issues a cybersecurity executive order.

• New security standards for companies doing business with the U.S. government are being imposed by the Biden administration through an executive order.
• Software companies will be required to showcase the security of their development procedures.
• The new rules may not be enforced by the incoming Trump administration.

On Thursday, the Biden administration unveiled an executive order on cybersecurity that includes new standards for companies supplying goods to the U.S. government and promotes greater transparency from software providers.

New rules are being considered by the White House to enhance America's digital infrastructure, as stated by Anne Neuberger, deputy national security advisor for cybersecurity and emerging technology, during a press briefing on Wednesday.

In recent years, an escalating number of disruptions have occurred within federal agencies and companies due to cyberattacks.

Ransomware attacks have been carried out by attackers at Change Healthcare, the operator of the Colonial Pipeline and the Ascension health-care system. Additionally, in 2023, it was reported that Chinese attackers had breached the email accounts of U.S. government officials, resulting in a critical federal report and changes at the software manufacturer.

According to Neuberger, companies selling software to the U.S. government must demonstrate secure development practices. There will be evidence posted on a government website for all software users to benefit from.

The General Services Administration must establish a policy mandating cloud providers to disclose security operating procedures to their clients.

As a result of the executive order, companies providing products and services to the U.S. government are now required to follow new security protocols.

The White House unveiled the U.S. Cyber Trust Mark label last week to assist consumers in assessing internet-connected devices. As per the executive order, the U.S. government will only procure such products if they bear the label, effective from 2027.

In late 2020, hackers gained access to Microsoft and U.S. Defense Department systems by exploiting vulnerabilities in 'Orion software updates.

The new administration of President-elect Donald Trump may not adhere to the executive order. Biden's cybersecurity officials have not yet met with those who will assume the responsibilities for Trump.

Neuberger stated that although they haven't discussed it yet, they are happy to have any discussions once the incoming cyber team is named during the final transition period.

Expect an increase in offensive cyber activity, says former CISA Director Chris Krebs.