President Joe Biden has signed an executive order that outlines additional measures to improve the country’s cybersecurity by enhancing the U.S. government’s cyber sanctions authorities against ransomware attackers and other threat actors and improving accountability for software and cloud service providers.

Advancing Software Security

The White House said Thursday the EO directs the director of the Office of Management and Budget and secretary of the Department of Homeland Security to recommend contract language requiring software providers to submit to the Cybersecurity and Infrastructure Security Agency machine-readable secure software development attestations, high-level artifacts to validate those attestations.

Software vendors should also submit to CISA a list of their Federal Civilian Executive Branch agency software customers.

The new policy requires the National Institute for Standards and Technology to develop guidance on how to securely deploy software updates to prevent cyber incidents and directs the General Services Administration to create a policy that would require cloud providers to submit suggestions for how clients can secure their use of cloud offerings.

Promoting the Use of AI for Cyber Defense

The EO launches a public-private partnership to implement artificial intelligence to defend critical energy infrastructure from cyberthreats and directs research and development of AI-based cybersecurity tools and techniques.

The measure also seeks to accelerate the adoption of post-quantum technologies and calls for the development of new cybersecurity contract requirements for agency-procured space systems.