Digital Identity
,
Government
,
Industry Specific
Officials Worry Trump’s Cybersecurity Agenda Could Scrap Biden’s Final Cyber Orders
An executive order set to be published by the Biden administration in its waning days could offer the next White House a blueprint to counter Chinese cyberattacks but experts fear its timing – so close to the transition of power – could make it practically dead on arrival.
See Also: The CIS Security Operations Center (SOC)
A draft of the order obtained by Information Security Media Group shows the Biden administration entrenching even further the Cybersecurity and Infrastructure Security Agency as the lead agency for federal civilian cybersecurity through buttressed authorities. The order would introduce new software attestation requirements for federal contractors, pile on artificial intelligence security measures and guidance for a post-quantum cryptography future. Deputy National Security Director for Cybersecurity Anne Neuberger said during a Tuesday press briefing the order aims to give the next administration “the best possible foundation” for national cybersecurity.
Federal officials initially said the order would be released as early as Friday, though it is now expected to arrive sometime early next week, according to sources aware of the timeline.
Several officials involved in its drafting, speaking on condition of anonymity, highlighted sharp contrasts in attitude between the current and incoming administration when it comes to CISA. The agency has become a lightning rod for Republican criticism largely sparked by its role in election security and past efforts at combatting disinformation.
Newly-empowered Republicans appear slated to push for sweeping changes, including budget cuts and a shift in the agency’s mission (see: CISA Faces Uncertain Future Under Trump). A former CISA official said the order’s future likely hinges on its political reception. There’s a possibility that President-elect Donald Trump might discard it once taking office on Jan. 20 simply due to its provenance.
“If this had come out a year ago we’d probably be more excited, because it would be in the middle of an administration,” the former official said. “The timing is tricky, and the best time to do this would have been three years ago – but the next best time to do it is now.”
The draft order directs the Office of Management and Budget to issue guidance on managing federal information resources, including addressing IT vendor risks. It tasks the National Institute of Standards and Technology with creating updated security requirements for federal cloud providers.
The draft also focuses on digital identity, proposing expanded federal use of services like mobile driver’s licenses, increased state funding to enhance document interoperability and strengthened measures for data minimization and security.
Officials and private sector partners involved in drafting the order worry the Biden administration may preemptively moderate it in a bid to bolster its chances of survival. Some of its more routine mandates, such as enhancing endpoint detection and threat hunting through the federal CIO and CISO councils are closer to housekeeping measures than any sweeping change.
“We all have our thoughts on what the Trump administration should do with regard to national cybersecurity,” said a former official involved in the drafting of the order. “But what they’re planning for the next four years is really anyone’s guess.”