How Biden’s executive order on cybersecurity may impact vendors and developers
- May 18, 2021
Though most of the EO is aimed at government agencies, vendors and developers will have to design all of their products with a greater focus on security, according to Finite State.
With ransomware attacks increasingly impacting businesses, government agencies and critical infrastructure, President Joe Biden last week signed an executive order (EO) designed to shore up the nation’s cybersecurity. Among the seven sections described in the order, one requires a zero-trust model among government agencies, another tries to foster information sharing between the government and private sector, and a third establishes stricter security standards for any technology products sold to the government.
Most of the rules and requirements defined in the EO are directed at the government. The goal is to control how federal agencies not only handle security incidents but also procure and use hardware and software from the private sector. As the government is a significant purchaser of technology products, the hope is that vendors and developers will place a greater focus on security if only to keep one of their major customers happy.
But the same products that vendors and developers design for the government also end up in the hands of corporations and other businesses. Ideally, this should create a trickle-down effect in which the private sector starts demanding the same attention to security required by the government.
What will this new scenario mean for the companies that create and sell hardware and software? A report published last Thursday by supply chain security firm Finite State offers advice on how vendors and developers should prepare to follow the guidelines in the EO.
Section 4 of the EO is called Enhancing Software Supply Chain Security. This section cites the problem of too many software programs that lack transparency, are unable to resist cyberattack, and have vulnerabilities that can be exploited by attackers. To address this issue, software developers will have to offer proof of the security of their products, their testing methods, any known vulnerabilities, and their ongoing security process. But simply filling out a questionnaire about their software development will no longer suffice, according to Finite State.