Published on: January 21, 2025
President Joe Biden issued an executive order aimed at bolstering cybersecurity across federal agencies and their contractors, marking one of his last major policy actions before leaving office. This move follows a series of high-profile cyber attacks, often linked to China, that have revealed critical vulnerabilities in government systems and private-sector networks.
Over the last few years, multiple Chinese-linked cyber operations have targeted sensitive U.S. infrastructure, compromising government emails and triggering widespread concern among federal officials. These incidents underscore the urgent need for decisive action to protect vital data from advanced threat actors. By introducing a stronger framework for software security and cloud protection, the Biden administration hopes to stifle future intrusion attempts.
The new order mandates that all vendors doing business with the federal government adhere to stricter secure software development practices. Documentation detailing these practices must be submitted for evaluation by the Cybersecurity and Infrastructure Security Agency (CISA). Failure to meet the required standards could have severe legal repercussions, including potential referral to the attorney general for further action.
Some cybersecurity experts warn that these new measures, while necessary, may not be enough to address the immediacy and scale of threats.
“They’re already here,” Tom Kellermann, senior vice president of cyber strategy at Contrast Security, cautioned. “We are dealing with literally an insurgency across critical infrastructure and US government agencies that has been stoked by the Russians and Chinese.”
Among the primary requirements is a call to develop better protocols for managing access tokens and cryptographic keys. This comes on the heels of a major breach in May 2023, in which Chinese-linked hackers reportedly exploited token mismanagement to gain unauthorized access to critical government email accounts.
Still, some worry that the timeline for full implementation may be too brief. Brandon Wales, vice president of cybersecurity strategy at SentinelOne, suggests that while the order builds on recent progress, it’s vital to continue refining existing capabilities: “It makes sense to continue to look for ways to get the most value out of capabilities that have been built over the past two administrations.”
This executive order arrived in the final days of Biden’s presidency, a period marked by heightened cybersecurity concerns. Through stricter rules on secure software development and closer coordination with agencies like CISA, the administration aims to cement a robust federal cybersecurity framework that could outlast current leadership changes.