President Biden has issued his long-awaited Cybersecurity Executive Order. This directive comes in the final days of the administration and outlines a number of measures to enhance national cybersecurity — placing a strong emphasis on the Cybersecurity and Infrastructure Security Agency (CISA) and its important role in safeguarding federal systems and critical infrastructure. The lengthy order also emphasizes the importance of securing critical services and capabilities essential to the digital domain, including efforts to enhance the security of the software supply chain and federal systems, which are increasingly targeted by sophisticated cyber attacks.
Securing the software supply chain
To address vulnerabilities in software development and deployment, the order offers several measures:
- Compliance and transparency: Software providers to the government must submit written attestations and artifacts that demonstrate their software development practices were secure.
- Guidance development: A consortium will be established to provide comprehensive guidance for implementing secure software practices.
- Updated standards: The National Institute of Standards and Technology (NIST) will update its guidance on secure software development, including patch deployment and supply chain risk management.
- Open source security: The order addresses the use of open source software in federal information systems, ensuring its security and reliability.
Enhancing security of federal systems
A central feature of the Executive Order is the modernization of federal cybersecurity practices with a close focus on strengthening CISA’s capabilities. In an era of growing threats, including ransomware attacks on critical infrastructure and espionage targeting federal systems, these enhancements aim to position CISA to be a more proactive defender of federal agencies.
Key initiatives include:
- Expanded threat-hunting capabilities: The order mandates that CISA gain timely access to data from endpoint detection and response (EDR) solutions and security operations centers across federal agencies. This will improve its ability to detect and mitigate threats like advanced persistent threats (APTs) and nation-state cyber intrusions, such as the recent Volt Typhoon campaign.
- Technical capability development: Within 180 days, CISA must develop the technical capability to access data from agencies’ EDR solutions in coordination with the Federal CIO and CISO Councils.
- Operational frameworks: CISA will draft a comprehensive concept of operations to streamline data access and threat response, outlining requirements for data provision, notification procedures, and specific use cases.
- Collaboration with providers: CISA will establish working groups to develop technical controls in partnership with EDR solution providers to ensure seamless implementation in Federal Civilian Executive Branch (FCEB) deployments.
By enhancing its threat-hunting capabilities, CISA will be better equipped to counter evolving cyber risks.
Modernized security practices
Additional directives for federal agencies include:
- Adopting phishing-resistant authentication measures
- Enhancing cloud security through updated FedRAMP policies
- Strengthening cybersecurity for space systems and infrastructure
Securing federal communications
The order emphasizes robust measures to secure communications systems, including:
- Internet routing security: Implementing technologies like Route Origin Authorizations
- Encrypted traffic protection: Mandating encrypted DNS traffic and secure email transport while encouraging end-to-end encryption
- Secure digital communication: Advancing the security of internet-based voice, video conferencing, and instant messaging
- Post-quantum cryptography: Preparing for the transition to post-quantum cryptographic standards and securing cryptographic key management
Combating cybercrime and fraud
The Executive Order addresses the growing threat of cybercrime by:
- Promoting the acceptance of digital identity documents in public benefits programs with an emphasis on privacy and security
- Developing a pilot program to notify individuals of potential identity fraud
- Encouraging the use of “Yes/No” validation services for identity verification
Using AI for cybersecurity
Recognizing the transformative potential of artificial intelligence, the order highlights:
- Launching a pilot program to apply AI in defending critical infrastructure, particularly in the energy sector
- Establishing programs to use AI models for advanced cyber defense
- Prioritizing funding for AI research in cybersecurity and supporting the development of large-scale datasets for research purposes
Strengthening cybersecurity policy
The Executive Order directs the modernization of IT infrastructure and alignment of policies to improve network security. Key actions include:
Countering malicious cyber activities
Building on previous directives, the order expands the criteria for sanctions against individuals involved in significant cyber-enabled activities, such as ransomware attacks and unauthorized access to critical infrastructure. The updated criteria will empower the Treasury Department to designate and impose sanctions to help deter cyber threats.
What’s to come
President Biden’s Cybersecurity Executive Order marks a significant development in addressing the increasing complexities of the cyber threat landscape. By emphasizing CISA’s expanded role and modernizing federal cybersecurity practices, the order seeks to mitigate risks and enhance resilience. While the long-term impact remains to be seen, this comprehensive order represents a substantial effort to protect the nation’s digital infrastructure and critical systems against evolving threats.
In the coming years, Elastic remains committed to partnering with public sector organizations to facilitate secure AI implementation as well as to provide technology solutions that strengthen the security of critical data and systems. Our ongoing collaboration with CISA and the Continuous Diagnostics and Monitoring (CDM) program continues to provide visibility and security across US federal agencies, and we look forward to continuing to enhance this protection in accordance with this Executive Order.