The Biden administration said it’s drafting an executive order to help the United States government better defend itself against digital supply chain attacks.

A Step Up for Federal Procurement

According to NPR, the executive order that’s being drafted will include several initiatives designed to strengthen the security of the United States’ digital supply chain.

AppSec/API Security 2022

Among those will be a new set of digital security requirements for companies that are looking to do business with the federal government.

“So essentially, federal government procurement allows us to say, ‘’If you’re doing business with the federal government, here’s a set of things you need to comply with in order to do business with us,’” Anne Neuberger, deputy national security adviser for cyber and emerging technology at the White House, told NPR in an exclusive interview.

That set of things could include a greater level of transparency in how developers create their products as well as proof that developers are using security best practices such as multi-factor authentication (MFA) and vulnerability management to harden their software.

Kiersten Todt, managing director of the Cyber Readiness Institute and a former Obama adviser on cyber issues, explained how important it is for the U.S. government to be clear about its security expectations regarding the private sector. As quoted by NPR:

The key here is we can’t just expect companies to be motivated to build secure software because it’s the right thing to do. Government has to be working with these companies to tell them what secure software looks like and give them the resources, and incentivize them to do so.

Otherwise, the U.S. government could have another SolarWinds-type event on its hands.

A Look Back at the SolarWinds Supply Chain Attack

In mid-December 2020, Tripwire VERT warned that an advanced persistent threat (APT) actor (Read more...)