President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide.
Some details:
The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents—namely, the security failures of federal contractors.
The order requires software vendors to submit proof that they follow secure development practices, building on a mandate that debuted in 2022 in response to Biden’s first cyber executive order. The Cybersecurity and Infrastructure Security Agency would be tasked with double-checking these security attestations and working with vendors to fix any problems. To put some teeth behind the requirement, the White House’s Office of the National Cyber Director is “encouraged to refer attestations that fail validation to the Attorney General” for potential investigation and prosecution.
The order gives the Department of Commerce eight months to assess the most commonly used cyber practices in the business community and issue guidance based on them. Shortly thereafter, those practices would become mandatory for companies seeking to do business with the government. The directive also kicks off updates to the National Institute of Standards and Technology’s secure software development guidance.
More Stories
Cloudflare Introduces E2E Post-Quantum Cryptography Protections
Cloudflare introduces E2E post-quantum cryptography, enhancing security against quantum threats Read More
UK’s Online Safety Act: Ofcom Can Now Issue Sanctions
From March 17, Ofcom will enforce rules requiring tech platforms operating in the UK to remove illegal content, including child...
Researchers Confirm BlackLock as Eldorado Rebrand
DarkAtlas researchers have uncovered a direct link between BlackLock and the Eldorado ransomware group, confirming a rebranded identity of the...
Improvements in Brute Force Attacks
New paper: “GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and...
US Legislators Demand Transparency in Apple’s UK Backdoor Court Fight
A bipartisan delegation of US Congresspeople and Senators has asked the hearing between the UK government and Apple to be...
£1M Lost as UK Social Media and Email Account Hacks Skyrocket
Action Fraud reported a spike in social media and email account hacks in 2024, resulting in losses of nearly £1m...