Dear All,

US President Joseph Biden has issued a sweeping Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity, which among other directives mandates verification of security standards in government systems and federal software contractors. The Department of commerce is directed to issue guidance to businesses on cybersecurity best practices, creating a required baseline for any "companies seeking to do business with the government," and vendors who fail validation risk investigation by the Attorney General. All government IoT devices must carry the new Cyber Trust Mark label by January 4, 2027. The order gives CISA more access to agencies' security platforms to centralize defensive information and broaden its impact. Agencies must also shore up cloud platform authentication in the wake of recent attacks by China. President Biden directs the Department of Homeland Security (DHS), the Department of Commerce, and the National Science Foundation to prioritize comprehensive AI research, and directs DHS and the Department of Energy to investigate the application of AI to protect infrastructure. The order promotes agencies' adoption of digital identity documents, and includes "a provision requiring [The Office of Management and Budget] to help agencies reduce risks associated with concentration in the IT market," which WIRED calls "a not-so-veiled shot at Microsoft." Notably the order also "gives the U.S. more authority to sanction hackers, namely ransomware groups that hold victims’ systems hostage in exchange for ransom payments."

https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strength...