President Joe Biden is set to sign an executive order on Thursday aimed at bolstering America’s cyber defenses in response to a series of cyberattacks on federal networks linked to Chinese and Russian operatives. The directive follows a comprehensive review by US officials of key hacking incidents during the Biden administration, ranging from Russia’s alleged disruption of a satellite provider ahead of the invasion of Ukraine to China’s purported infiltration of US telecom networks to spy on prominent political figures.
The primary objective of the executive order is to position the new administration and the nation on a trajectory towards sustained success in combating cyber threats. Anne Neuberger, a senior White House official, emphasized the intention to raise the stakes and increase the difficulty for countries such as China, Russia, Iran, and ransomware criminals to successfully execute hacks.
According to a draft of the order reviewed by CNN, agencies will be tasked with implementing stronger encryption measures to safeguard federal employees’ communications from interception. This measure is specifically addressing vulnerabilities exposed by the Chinese telecom hack, which exploited insecure messaging protocols.
Additionally, the directive grants expanded authority to the Department of Homeland Security’s cyber agency to access critical data from other agencies’ networks for the purpose of investigating sophisticated hacking operations. It also streamlines the process for the Treasury Department to impose sanctions on cybercriminals or foreign agents targeting essential US infrastructure.
The executive order also outlines initiatives to combat identity fraud that has inflicted significant financial losses on Americans and to leverage artificial intelligence for enhancing the cybersecurity of the American energy sector.
The directive underscores the Biden administration’s deep-seated concerns regarding lax security practices within software firms supplying products to the US government. A review supported by the US government identified numerous preventable errors in Microsoft’s security protocols that facilitated a Chinese hacking group’s breach of the tech company’s network and subsequent compromise of email accounts belonging to senior US officials in 2023. Microsoft has since announced reforms to enhance its security measures.
Earlier in his term, Biden issued a cybersecurity order mandating that contractors adhere to minimum security standards to engage in government contracts. The upcoming directive will now require these contractors to furnish data demonstrating compliance with secure development requirements to both the government and the public. The order mandates that federal agencies publicly disclose this information online to enhance transparency and accountability.
Neuberger highlighted the lack of validation regarding whether products used by the government met established secure standards, underscoring the importance of this new requirement.
Cybersecurity has traditionally transcended party lines, with bipartisan support for measures to safeguard national interests in the digital realm. The extent to which the incoming Trump administration will uphold or revise the executive order remains uncertain. Mike Waltz, the incoming national security adviser, has advocated for a more aggressive stance on offensive cyber operations, though specific strategies for cyber defense under the new administration have yet to be detailed.
As President Biden prepares to sign this executive order, the ongoing evolution of cyber threats necessitates a proactive and collaborative approach to fortifying America’s digital defenses.
For more news and updates from CNN, visit CNN.com and create
