On Thursday, the Biden administration announced an executive order on cybersecurity that introduces new standards for companies selling to the U.S. government and requests increased transparency from software providers.
In a briefing with reporters on Wednesday, Anne Neuberger, the deputy national security advisor for cybersecurity and emerging technology, announced that the White House is seeking to implement new regulations aimed at fortifying America's digital infrastructure.
In recent years, there has been a growing number of disruptions within federal agencies and companies as a result of cyberattacks.
Cyber attackers successfully executed ransomware attacks targeting Change Healthcare, the Colonial Pipeline operator, and the Ascension health-care system. Additionally, in 2023, Microsoft disclosed that hackers from China had breached the email accounts of U.S. government officials. This incident led to a significant federal investigation and prompted Microsoft to implement several changes in response.
According to a statement, software companies seeking to sell to the U.S. government must show that their development practices prioritize security. Anne Neuberger mentioned that evidence supporting this will be made available on a government website for the benefit of all software users.
The General Services Administration must establish a policy requiring cloud providers to disclose security operational guidelines to their clients.
Businesses that sell goods and services to the U.S. government are now required to follow a new set of security protocols under the executive order.
Last week, the White House revealed the U.S. Cyber Trust Mark designation aimed at assisting consumers in assessing internet-connected devices. According to the executive order, beginning in 2027, the U.S. government will exclusively procure products bearing the label.
The directive also requires the National Institute of Standards and Technology to develop recommendations for managing software updates. In a notable security breach in late 2020, hackers infiltrated Microsoft and U.S. Defense Department networks by exploiting vulnerabilities in SolarWinds' Orion software updates.
It remains uncertain whether the incoming administration led by President-elect Donald Trump will enforce the executive order. Cybersecurity officials appointed by Biden have not yet engaged in discussions with the officials who will assume the responsibilities under the Trump administration.