In a draft executive order that Reuters has seen, President Joe Biden calls for stricter cybersecurity standards to be implemented by federal agencies and contractors. The order is intended to combat cybercrime and repeated Chinese-linked operations.
According to the U.S. Government and cybersecurity research organizations, the order will be delivered in the final days of Biden’s presidency. During this time, several high-profile hacks with Chinese links occurred. The alleged activity was directed at critical infrastructure, government email, major telecom companies, and most recently the Treasury Department. Beijing has denied the allegations.
According to the draft, Biden’s proposal would require tougher standards to be used for software development. It also calls for the Cybersecurity & Infrastructure Security Agency (CISA) to evaluate this process.
CISA’s Software Attestation Program will require vendors to submit secure software development documents to be evaluated and verified by the agency. According to the draft, attestations of “failure validation” may be sent to the Attorney General for “actions as appropriate.”
Tom Kellermann is senior vice president for cyber strategy and development at Contrast Security. He said that the provisions on attestation are not enough, but he still “applauds” the efforts made to encourage more secure software.
He said that the timelines set out in the order seemed “arbitrary” given the urgency of the threats posed by China, Russia, and powerful cybercriminal groups.
Kellermann stated, “They are already here. We are dealing with a literal insurgency that is affecting critical infrastructure and U.S. Government agencies, and it has been stoked up by the Russians.”
This order also requires the creation of guidelines for cloud providers to use in managing access tokens and cryptographic keys. Microsoft reported that Chinese hackers used this method in May 2023 to gain access to the email accounts of top U.S. officials.
Brandon Wales, vice president of cybersecurity strategy for cybersecurity company SentinelOne, and formerly a CISA top official, told Reuters that the order is based on the ongoing work done over the past five years to build capabilities and obtain the right authorities and funding. The threat from China is a “pacing” threat that “drives the urgency and focus throughout the government.” However, the U.S. Government and private sector are also facing several other threats.
Wales stated that it was important to continue looking for ways to maximize the value of the capabilities built during the last two administrations.
The White House refused to comment and CISA didn’t respond to an inquiry for comment.