
"DETROIT, Jan 10 (Reuters) - The President is calling for tighter cybersecurity standards for federal agencies and contractors in a new executive order set to be published soon, aimed at addressing Chinese-linked cyber operations and cybercriminal activities, according to a draft of the order seen by Reuters.

The order is scheduled to be issued towards the end of Biden’s presidency, following several notable Chinese-linked hacks and cybersecurity incidents targeting critical infrastructure, government emails, major telecom companies, and, most recently, the U.S. Treasury Department. Beijing has denied these allegations.

Biden's proposal includes stricter standards for secure software development, mechanisms to verify compliance with these standards, and the establishment of a process for the Cybersecurity and Infrastructure Security Agency (CISA) to assess this compliance, according to the draft.

Vendors will need to provide documentation regarding secure software development for evaluation and validation by CISA through the agency's software attestation program. Attestations that do not pass validation may be referred to the attorney general for appropriate action, the draft states.

Tom Kellermann, senior vice president of cyber strategy at Contrast Security, said that while the attestation provisions fall short, he commends the efforts to promote more secure software development. He added that the deadlines for implementation outlined in the order seem arbitrary given the immediate threats from China, Russia, and formidable cybercriminal groups.

“[The threats are] already here,” Kellermann stated. “We are dealing with literally an insurgency across critical infrastructure and U.S. government agencies that has been stoked by the Russians and Chinese.”

The order also directs the establishment of guidelines for secure management of access tokens and cryptographic keys used by cloud providers, following instances where Chinese-linked hackers used this avenue to access email accounts of top U.S. government officials in May 2023.

Brandon Wales, vice president of cybersecurity strategy at SentinelOne and a former senior CISA official, told Reuters that the order continues the progress made over the past five years to develop capabilities and acquire the necessary authorities and funding. He emphasized that while the threat from China is substantial, the U.S. government and private sector must address numerous threats.

“It makes sense to leverage the capabilities that have been established over the past two administrations,” Wales pointed out.

The White House declined to comment, and CISA did not respond to a request for comment."