In its last days in office, the Biden administration is making significant strides towards bolstering U.S. cybersecurity through an upcoming executive order.
This initiative, which has recently overcome various internal hurdles and is on the verge of being finalized, takes lessons from notable cybersecurity incidents that occurred during Biden’s tenure, most recently the alleged cyberattack on the Treasury Department linked to Chinese hackers.
Enhancing Cybersecurity Measures
The anticipated executive order emphasizes the critical importance of robust identity verification and strong encryption for government communications.
An undated draft, which was examined by Bloomberg News, outlines these priorities.
The cyberattack against the Treasury in December involved hackers accessing unclassified documents on government laptops and desktops.
By enhancing privacy measures—such as encrypting emails and cloud documents—officials aim to strengthen the defenses against unauthorized access to sensitive information.
Interestingly, the National Security Council has chosen not to provide comments on this developing situation.
Details of the Cyberattack
In the recent Treasury incident, a group identified as Silk Typhoon, believed to be operating from China, reportedly accessed a digital key from a third-party service provider, BeyondTrust Inc. This key granted them entry to unclassified information, including discussions around potential sanctions, although the Treasury Department has yet to confirm the identity of the attackers officially.
The draft of the executive order also proposes guidelines for securing cryptographic keys used by cloud software contractors.
One noteworthy suggestion is to store these keys within hardware security modules—special devices engineered for safeguarding digital keys.
Additionally, federal contractors would be required to bolster their access management protocols.
Future Implications
Another crucial aspect of the draft is the determination of whether software vendors adhere to necessary cybersecurity benchmarks.
This includes enforcing multi-factor authentication and the use of complex passwords.
Concerns have been raised that some software providers promise to implement essential cybersecurity safeguards while neglecting to address existing vulnerabilities that could expose the government to risk.
As for the future, it remains to be seen how President-elect Donald Trump will approach this executive order once he takes office.
His stated intention to roll back federal regulations raises questions about whether he will continue the policies put forth by the Biden administration.
Trump has also indicated he plans to rescind another executive order from Biden concerning artificial intelligence regulation.
Source: Insurancejournal.com