Executive Order—Strengthening and Promoting Innovation in the Nation's Cybersecurity
Honest Title:
Cyber EO: Expanding Surveillance Powers
Summary
This order strengthens US cyber defenses through new standards for software, systems, and communications. It mandates secure practices, improves threat detection, enhances encryption, and promotes AI. It targets cybercrime and fraud, and updates sanctions for malicious cyber activity.
Updates
Recent Updates and Developments: Executive Order on Strengthening and Promoting Innovation in the Nation's Cybersecurity
This chronological list outlines recent updates and anticipated developments related to the Executive Order—Strengthening and Promoting Innovation in the Nation's Cybersecurity, signed on January 15, 2025. Please note that due to the recent date of the Executive Order, concrete updates on implementation and impact are still emerging.
- January 15, 2025:
  - The Executive Order—Strengthening and Promoting Innovation in the Nation's Cybersecurity was signed.
  - This order focuses on enhancing national cybersecurity through several key areas: supply chain security for software, improvements to federal systems, securing federal communications, and combating cybercrime.
- Anticipated by March 16, 2025 (Within 60 days of the order):
  - The Secretary of Commerce, through NIST, is expected to establish a consortium with industry to develop guidance for secure software development practices, based on NIST Special Publication 800-218 (Secure Software Development Framework (SSDF)).
  - The Secretary of Homeland Security, through CISA, is expected to evaluate methods for secure software development attestations and provide guidance to software providers on submission to CISA's RSAA website.
- Anticipated by April 15, 2025 (Within 90 days of the order):
  - NIST is expected to update Special Publication 800-53 (Security and Privacy Controls) to include guidance on secure patch and update deployment.
  - FCEB agencies are expected to begin ensuring the security of their Internet number resources (IP addresses and Autonomous System Numbers).
  - FedRAMP, in coordination with NIST and CISA, is expected to develop policies to incentivize or require cloud service providers in the FedRAMP Marketplace to produce secure configuration baselines for agency cloud systems.
  - OMB, in coordination with NIST, GSA, and FASC, is expected to take steps to require agencies to comply with NIST Special Publication 800-161 (Cybersecurity Supply Chain Risk Management Practices) and mandate annual implementation updates from agencies.
  - The Department of Defense, through the NSA, is expected to develop cybersecurity requirements for National Security Systems (NSS) and debilitating impact systems, consistent with the Executive Order.
- Anticipated by May 15, 2025 (Within 120 days of the order):
  - CISA and OMB are expected to jointly issue recommendations to agencies on security assessments and patching of open source software, and best practices for contributing to open source projects.
  - The National Cyber Director is expected to submit a study of space ground systems owned or managed by FCEB agencies to OMB.
- Anticipated by June 14, 2025 (Within 150 days of the order):
  - The Departments of Commerce, Energy, and Homeland Security and NSF are expected to prioritize funding for programs that develop large-scale datasets for cyber defense research and ensure accessibility of existing datasets to the research community.
  - The Departments of Defense and Homeland Security and the Director of National Intelligence are expected to integrate AI software vulnerability management into their existing processes.
- Anticipated by July 14, 2025 (Within 180 days of the order):
  - NIST is expected to develop and publish a preliminary update to the SSDF.
  - The Departments of the Interior and Commerce and NASA are expected to review civil space contract requirements and recommend updates to civil space cybersecurity requirements to the FAR Council.
  - CISA, in coordination with the Federal CIO and CISO Councils, is expected to release a concept of operations enabling CISA to access data from FCEB agency endpoint detection and response (EDR) solutions and security operation centers.
  - The Department of Energy, in coordination with the Departments of Defense and Homeland Security, is expected to launch a pilot program on using AI to enhance cyber defense of critical infrastructure in the energy sector.
  - The FAR Council is expected to review guidance and potentially amend the FAR based on the Executive Order.
Ongoing Monitoring:
Due to the recent issuance of this Executive Order, significant public reactions, legal challenges, or detailed implementation progress reports are not yet widely available. Continued monitoring of official agency websites (CISA, NIST, DHS, OMB), legal news sources, and expert commentary will be crucial for tracking further developments and assessing the impact of this Executive Order. Areas to watch include:
- Agency implementation plans and guidance documents.
- Updates to NIST Special Publications related to cybersecurity.
- Any legal challenges or court decisions related to the order.
- Feedback and analysis from industry and cybersecurity experts.