US President Joe Biden on Thursday issued an executive order aimed at hardening the country’s defenses against cyber attacks and making it easier to sanction nations behind such strikes.
The executive order also requires companies selling software or systems to the government to prove they meet security standards laid out in an executive order by Biden four years ago.
The announcement “is designed to strengthen America’s digital foundations and also put the new administration and the country on a path to continued success,” deputy national security advisor for cyber and emerging technology Anne Neuberger said during a briefing with journalists.
“The goal is to make it costlier and harder for China, Russia, Iran and ransomware criminals to hack, and to also signal that America means business when it comes to protecting our businesses and our citizens.”
The order strengthens the authority of the US to sanction those behind cyber attacks threatening the security of the US or its allies, according to Neuberger.
“It essentially lowers the bar for the use of sanctions to punish those conducting disruptive cyber attacks against critical infrastructure,” Neuberger said.
“If an entity is conducted disruptive attack against critical infrastructure, we’ll come after them.”
The order also launched a partnership between the government and the private sector to use artificial intelligence to spot threats and fix cyber vulnerabilities, particularly in the energy sector.
The US government spends billions of dollars annually on IT software and services, according to Neuberger.
Requiring vendors to prove they are meeting cybersecurity standards and then publishing findings online promises to heighten security in the industry overall, she said.
“We’ve spent the last seven months carefully reviewing each hacking incident to determine exactly how the Chinese, other governments and criminals got through the gates,” Neuberger said.
“The goal is to better understand how to better protect and secure these systems and stay ahead of new threats.”
The executive order also centralizes “cyber threat hunting” with the Cybersecurity and Infrastructure Security Agency (CISA) to improve defenses across all government agencies.
Federal agencies will also be “pushed toward” encrypted online communications, according to Neuberger.