Biden issued an eleventh-hour executive order trying to bolster U.S. cybersecurity
The Biden White House's Cybersecurity Initiatives Kick-Started by an Executive Order: Cybersecurity, Privacy, and Identity Protection
The Biden White House issued a 40-page executive order on Thursday to try to kick-start efforts to harness the security benefits of artificial intelligence, roll out digital identities for US citizens, and advance other initiatives addressing weaknesses that have helped adversaries penetrate US government systems.
“Cybersecurity and defending our nation’s critical infrastructure against threats has always been a nonpartisan issue,” said Ilona Cohen, the chief legal and policy officer for cybersecurity company HackerOne.
Four days before he leaves office, US President Joe Biden ordered improvements to the way the government monitors its networks, buys software, uses artificial intelligence, and punishes foreign hackers.
Incoming Trump officials have the ability to replace or repeal Biden’s executive actions. But the hope, Neuberger said, is that the aims of the executive order are broadly bipartisan.
Finally, the executive order will make it easier for the federal government to slap sanctions on ransomware groups that target critical infrastructure like schools and hospitals.
The Biden administration has found new ways to fight spies. It took back ill-gotten gains by targeting wallets. It published detailed indictments zeroing in on individual hackers from across the globe. It shut down botnets and deleted malicious code from infected devices, to name a few examples.
The goal is to make hacking harder for criminals from China, Russia and Iran and for ransomware groups, and to signal to them that the United States means business when it comes to cybersecurity.
The order gives the Department of Commerce eight months to assess the most commonly used cyber practices in the business community and issue guidance based on them. Shortly thereafter, those practices would become mandatory for companies seeking to do business with the government. The directive also kicks off updates to the National Institute of Standards and Technology’s secure software development guidance.
There’s also a focus on fighting identity theft. The U.S. government is pushing industry to develop secure, privacy-protecting digital identity solutions. There is also an emphasis on vendors that store private keys for identity management.
Internally, the U.S. government will require agencies to adopt quantum-resistant algorithms to protect against theft and decryption by adversaries. And the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, will be given more responsibility to hunt for known vulnerabilities across federal systems. They’ll have more “centralized visibility,” said Neuberger.
The Biden White House is also launching a partnership with the private sector to develop tools to use artificial intelligence to better secure the energy sector, specifically by scanning for vulnerabilities and automatically suggesting potential patches.
The deadline for federal agencies to purchase consumer internet-of-things devices with the recently launched US Cyber Trust Mark label is January 4, 206, to protect against attacks that rely on flaws in internet of things gadgets.
The directive also addresses the compromise that led to China gaining access to Microsoft’s server and Treasury Department emails. Commerce and the General Services Administration have 270 days to develop guidelines for key protection, which would then have to become requirements for cloud vendors within 60 days.
Trump hasn’t named any of his top cyber officials, and Neuberger said the White House didn’t discuss the order with his transition staff, “but we are very happy to, as soon as the incoming cyber team is named, have any discussions during this final transition period.”