Strengthening and Promoting Innovation in the Nation's Cybersecurity
- Executive Order Number
- 14144
- President
- Joseph R. Biden Jr.
- Signed
- January 16, 2025
- Published
- January 17, 2025
- Source
- Federal Register
- Original Document
- https://www.govinfo.gov/content/pkg/FR-2025-01-17/pdf/2025-01470.pdf
AI-Generated Summary
Executive Order 14144: Strengthening and Promoting Innovation in the Nation's Cybersecurity
Purpose
The purpose of Executive Order 14144, issued on January 16, 2025, is to enhance the cybersecurity of the United States in response to ongoing cyber threats, particularly from the People's Republic of China. It aims to improve the security of federal information systems, promote innovation in cybersecurity technologies, and strengthen the nation's digital infrastructure.
Key Actions and Directives
- Software Supply Chain Security:
- Agencies must adopt secure software acquisition practices and require software providers to use secure development practices.
- The Office of Management and Budget (OMB) and the Federal Acquisition Regulatory Council (FAR Council) are tasked with revising contract language to enforce these practices.
- Federal Systems Cybersecurity:
- Agencies are directed to implement phishing-resistant authentication and improve visibility of security threats across networks.
- The Cybersecurity and Infrastructure Security Agency (CISA) is to develop capabilities for threat hunting across federal agencies.
- Cloud and Space System Security:
- Policies will be developed to enhance the security of cloud services used by the federal government.
- Agencies managing space systems must verify and enhance their cybersecurity capabilities.
- Federal Communications Security:
- Agencies must implement strong identity authentication and encryption for federal communications.
- Measures will be taken to secure internet routing and Domain Name System (DNS) traffic.
- Cybercrime and Fraud Mitigation:
- Agencies are encouraged to accept digital identity documents for public benefits programs to combat identity theft and fraud.
- A pilot program will be developed to notify individuals of fraudulent payment requests.
- Artificial Intelligence in Cybersecurity:
- The order promotes the use of AI to enhance cyber defense, particularly in critical infrastructure.
- Research and funding will be prioritized for AI cybersecurity applications.
- Policy Alignment and Minimum Cybersecurity Practices:
- OMB will issue guidance to modernize IT infrastructure and align policies with modern cybersecurity practices.
- The National Institute of Standards and Technology (NIST) will develop guidance on minimum cybersecurity practices for industry.
- National Security Systems and Debilitating Impact Systems:
- Separate requirements will be developed for National Security Systems (NSS) and debilitating impact systems.
- Sanctions and Malicious Cyber-Enabled Activities:
- The order expands the scope of sanctions against individuals and entities engaging in significant malicious cyber activities.
Significant Changes to Policy or Law
- Software Development and Acquisition:
- New requirements for software providers to submit attestations and artifacts to demonstrate secure development practices.
- Updates to the Federal Acquisition Regulation (FAR) to enforce these requirements.
- Use of AI in Cybersecurity:
- Establishment of pilot programs and increased funding for research at the intersection of AI and cybersecurity.
- Digital Identity Verification:
- Encouragement for the use of digital identity documents in public benefits programs, with specific privacy and interoperability requirements.
- Sanctions Expansion:
- Amends Executive Order 13694 to broaden the criteria for blocking property related to malicious cyber activities.
Potential Impacts
- Government Agencies:
- Increased workload and costs associated with implementing new cybersecurity measures and technologies.
- Enhanced collaboration and information sharing among agencies to improve cybersecurity posture.
- Citizens:
- Improved security of public benefits programs and reduced risk of identity theft and fraud.
- Potential privacy concerns related to the use of digital identity documents and AI in cybersecurity.
- International Relations:
- Heightened tensions with countries identified as cyber threats, particularly China.
- Encouragement of international cooperation in transitioning to post-quantum cryptography.
Main Stakeholders
- Federal Agencies: Particularly those in the Federal Civilian Executive Branch, Department of Defense, and Intelligence Community.
- Software and Cloud Service Providers: Required to adhere to new security standards and practices.
- Critical Infrastructure Entities: Encouraged to participate in AI cybersecurity pilot programs.
- Citizens: Beneficiaries of enhanced cybersecurity measures and potential users of digital identity documents.
- Foreign Governments and Entities: Affected by expanded sanctions and international engagement on cybersecurity issues.
Legal, Constitutional, or Political Implications
- Legal Implications:
- The order leverages existing legal authorities, such as the International Emergency Economic Powers Act and the National Emergencies Act, to expand sanctions and enforce cybersecurity measures.
- The use of digital identity documents raises questions about compliance with privacy laws and regulations.
- Constitutional Implications:
- The executive order's directives must be implemented in a manner consistent with applicable law, ensuring they do not infringe on constitutional rights, particularly privacy and due process.
- Political Implications:
- The focus on China as a primary cyber threat could escalate tensions and influence diplomatic relations.
- The promotion of AI in cybersecurity could lead to debates over regulation, ethics, and the balance between security and privacy.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.