The White House rolled out a highly anticipated executive order on Thursday to combat a rising level of sophisticated attacks targeting U.S. government agencies, critical infrastructure providers and high-profile individuals by state-linked threat groups and other malign actors.
The executive order will give the U.S. more authority to level sanctions against malicious actors that have disrupted hospitals and other critical providers.
Federal authorities also plan to leverage the government’s $100 billion in annual IT spending to make sure technology companies develop more secure software.
The order follows a rash of state-linked campaigns, including the hack of nine telecom companies by Salt Typhoon as well as a separate attack against the Treasury Department connected to the compromise of BeyondTrust customers. The recent attacks have all been linked to hackers backed by the People’s Republic of China.
“The goal is to make it costly and harder for China, Russia, Iran and ransomware criminals to hack and to also signal that America means business when it comes to protecting our businesses and our citizens,” Anne Neuberger, deputy national security advisor for cyber and emerging technologies, told reporters during a virtual briefing on Wednesday.
Neuberger also cited prior hacks, including Russia-linked targeting of satellite systems before the Ukraine invasion in 2022 and the state-linked hack of Microsoft Exchange Online in 2023.
White House officials have not yet had specific talks with the incoming administration on the order, as the Trump administration has not yet publicly named its new cyber leadership. Neuberger and other cyber policy experts have said there is bipartisan support for additional measures to boost cyber resilience.
To help increase security in the public and private sector, the executive order aims to:
- Give the U.S. more authority to level sanctions against hackers that have disrupted critical providers, including hospitals.
- Require software vendors doing business with the federal government to prove they are using secure development practices. The federal government plans to validate that evidence and publish the information to help private sector buyers make informed decisions on secure software.
- The National Institute of Standards and Technology will develop guidance on how to deploy software updates in a secure and reliable manner.
- The General Services Administration will develop guidance on how cloud customers can securely use these products.
- Identify minimum cybersecurity standards for companies working with the federal government. Bureaucracy and cybersecurity requirements for using federal information systems will be streamlined for three years.
- Federal authorities will begin research into AI-based tools to search for software vulnerabilities, manage patching and detect threats. A public-private partnership will be developed to use AI to protect critical infrastructure in the energy sector.
- The U.S. will only buy internet-connected devices that meet Cyber Trust Mark standards starting in 2027.
Katell Thielemann, distinguished VP analyst at Gartner, said the executive order represents a set of security challenges the Biden administration would have liked to tackle much sooner.
“It is wide-ranging in scope, and reads like a wish list of items the outgoing administration wanted to tackle but ran out of time to implement,” Thielemann told Cybersecurity Dive via email.
Some of the items in the executive order may prove easier to implement than others, as the incoming administration will likely be able to reverse some of these initiatives, Thielemann noted.