Biden orders review, new rules governing US national cybersecurity

(Image credit: Shutterstock)

President Biden introduces new governmental cybersecurity requirements
Third-party software providers must demonstrate adherence to new requirements
The federal government must use end-to-end encryption by default

In one of his last acts as President of the United States, Joe Biden has signed an executive order aimed at strengthening US national cybersecurity.

The order lays out a series of checks and reviews on third-party software providers for both government systems and critical infrastructure in order to ensure they are adhering to established cybersecurity standards and making active efforts to eradicate existing vulnerabilities.

The executive order posits the People’s Republic of China is the main threat to vulnerable networks, likely referencing numerous attacks against US critical infrastructure in early 2024 by the Chinese state-sponsored Volt Typhoon group, and subsequent attacks against US telecommunications networks by the group.

New security standards

“I am ordering additional actions to improve our Nation’s cybersecurity, focusing on defending our digital infrastructure, securing the services and capabilities most vital to the digital domain, and building our capability to address key threats,” President Biden's order said.

It also builds upon previous requirements laid out in the Executive Order on Improving the Nation’s Cybersecurity from 2021, and implements greater security checks on third-party providers to ensure “software providers that support critical Government services are following the practices to which they attest.”

Third-party providers will therefore have to provide frequent demonstrations that their software and supply chains are secure, with the contracting agency being notified of those failing to meet security requirements.

The federal government is also mandated to adopt identity management software, phishing-resistant authentication, and end-to-end encrypted communications by default across DNS protocols, email, voice and video conferencing, and instant messaging.

Biden also looks to address the future threat of cryptanalytically relevant quantum computers (CRQC) which, when viable, will be able to break many of the encryption algorithms in use today. US agencies will be required to adopt quantum-safe encryption methods authorised by the National Institute of Standards and Technology (NIST).

Take a look at our guide to the best endpoint protection
Keep your device secure with the best firewalls
Many firms see cyberattacks as their top business concern this year

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.