Facing Hacking Threats From China, Joe Biden Orders Stricter Cybersecurity Standards

US President Joe Biden will issue an executive order to tighten cybersecurity standards for federal agencies and government contractors. The move is designed to deal with the threat of hacking linked to China as well as other criminal cyber operations.

The move was announced at the end of Biden's presidency, after a number of major cyberattacks allegedly linked to China. The attacks, according to the US government and cybersecurity research groups, targeted critical infrastructure, government emails, major telecommunications companies, and the US Treasury Department. However, Beijing denies the allegations.

In this executive order, Biden called for stricter standards for the development of secure software, verification of compliance with these standards, as well as evaluation by the Cybersecurity and Infrastructure Security Agency (CISA). If a violation or failure of validation is found, CISA can refer the case to the attorney general for further action.

Software vendors are required to provide secure software development documentation, which will be validated through the CISA attestation program.

Tom Kellermann, Senior Vice President of Cyber Strategy at Contrast Security, stated that although this step should be appreciated, the provisions related to the attestation are still not firm. He also highlighted the urgency of the ongoing threat from China, Russia, and other cybercriminal syndicates.

"The threat is already here. We are facing insurgency in critical infrastructure and US government agencies driven by Russia and China," Kellermann said.

The order also requires the development of guidance for managing the access tokens and cryptographic keys used by cloud providers. This mechanism was previously abused by China-linked hackers to access the email accounts of top US government officials in May 2023, according to Microsoft.

Brandon Wales, Vice President of Cybersecurity Strategy at SentinelOne, called this move a continuation of efforts over the past five years to build the right capabilities, authorities, and funding. Although threats from China are the main focus, other cyber threats from various actors also require serious attention.

The US government and the private sector need to continue to look for ways to maximize the capabilities that have been built during the last two administrations, Wales said. The White House and CISA have yet to comment on this executive order.