The Biden Administration has issued a comprehensive executive order on emerging technologies and security risks, aiming to bolster federal cybersecurity protections and harness the security benefits of AI.
A Sweeping Cybersecurity Directive: Biden’s Final Effort to Boost US Digital Security
The Biden White House has unveiled a comprehensive 40-page executive order aimed at bolstering federal cybersecurity protections, directing government use of AI, and taking a swipe at Microsoft‘s dominance. The directive, issued four days before President Joe Biden leaves office, is the administration’s final attempt to kickstart efforts to harness the security benefits of AI, roll out digital identities for US citizens, and close gaps that have allowed China, Russia, and other adversaries to repeatedly penetrate US government systems.
Protecting Government Networks: A Mandate for Secure Development Practices
The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents. The directive requires software vendors to submit proof that they follow secure development practices, building on a mandate introduced in 2022 in response to Biden’s first cyber executive order. The Cybersecurity and Infrastructure Security Agency (CISA) would be tasked with double-checking these security attestations and working with vendors to fix any problems.
Tapping into AI for Cyber Defense
The security risks and opportunities of AI play a major role in the executive order. The document directs the departments of Energy and Homeland Security to launch a pilot program to use AI to help protect energy infrastructure, with the goal of automating things like vulnerability detection and patching. The Defense Department would have to launch a program to use “advanced AI models” for cyber defense.
Boosting CISA’s Ability to Watch for Cyberattacks
Another part of the order boosts CISA’s ability to watch for cyberattacks across the government by tapping into the security software that other agencies operate. It’s an attempt to reduce visibility gaps that adversaries have successfully exploited in many intrusions, especially the 2020 SolarWinds hack.
Lowering Barriers to Sanctioning Cyberattackers
The order also lowers the bar for the government to be able to sanction people who launch cyberattacks on US critical infrastructure, potentially easing barriers to deploying one of Washington’s favorite responses to major hacks.
