The fate of the Biden administration’s late-hour cybersecurity-inspired executive order is, at the moment, executive order not found.
Biden’s Jan. 16 directive, mandating practices like security attestations for government software vendors, leads to an error page. The wide-ranging EO, titled “Strengthening and Promoting Innovation in the Nation’s Cybersecurity,” however, has not yet made the list of the new Trump administration’s executive-order revocations.
To the IT pros who spoke with us, Biden’s order was a helpful, tone-setting announcement of security priorities for the public and private sectors, even if some saw it as a hopeful “Hail Mary” heave.
“There is always the possibility that the incoming administration will look at some of the directives in this executive order and decide to rescind them or change them. But…you’re on your way out, and you’ve decided that these are the actions that you want to take or put in place as you exit, and you hope that some of them stick around,” Tim Erlin, VP of product at Wallarm, told IT Brew, days before Trump’s inauguration.
The cyber-order covers priorities like combating fraud and securing government connections. One priority with “pretty aggressive” deadlines, according to Ryan McCarthy, senior director at consultancy Protiviti, is software supply-chain security, laid out in the order under the directive “Operationalizing Transparency and Security in Third-Party Software Supply Chains.”
Third-party in the UST. In early Dec. 2024, third-party identity management provider BeyondTrust notified the US Treasury that a compromised key had allowed a threat actor to override security controls and gain remote access to certain Treasury user workstations and documents.
“They’ve been seeing these types of attacks, both in the government as well as, frankly, out in the wild across the private sector, and have recognized that it is probably the most difficult problem that a lot of companies and critical infrastructure face,” McCarthy told IT Brew.
Verizon’s 2024 Data Breach Investigations Report found that 15% of breaches (from Nov. 1, 2022 to Oct. 31, 2023) involved a third-party supplier.
Order up! The Trump administration released 40-plus executive orders on Day 1, including a return-to-office mandate and the establishment of the Department of Government Efficiency (DOGE) “to promote inter-operability between agency networks and systems, ensure data integrity, and facilitate responsible data collection and synchronization”—an effort that would seem to require cybersecurity principles.
Whether it gets tackled down or raised up, Biden’s executive order sends a signal to both the public and private sectors, according to Glenn Weinstein, CEO of software-management company Cloudsmith, particularly through the previous administration’s emphasis on vendors completing a secure software development attestation form.
“These types of standards have a way of trickling down to the broader community, particularly software makers that make any sort of enterprise software for medium or large companies,” he told us.
“Regardless of the legal fate of this particular executive order, the awareness and the discussion around what is being attested in that attestation form, and encouraging software makers to submit that form, is the real outcome of publishing this executive order last week.”