According to an obtained draft of the executive order, the Biden administration plans to soon issue a cybersecurity directive that will require agencies to adhere to stricter software procurement procedures and deploy detection and response tools on federal computer systems, among other measures. Sources familiar with the matter reveal that the document, which has been in the works for months, is expected to be signed by Friday or early next week. The directive builds upon the cybersecurity lessons learned after the Biden administration signed a flagship executive order in [year], which was prompted by a high-profile hacking incident.

Since then, the government has faced countless hacking incidents from agents of nation-states. According to a knowledgeable source, the recent cyberattack on the Treasury Department's systems was most likely carried out by a state-sponsored hacking group. Anne Neuberger, Deputy National Security Advisor for Cyber Security and Emerging Technologies, told reporters this week while describing upcoming administrative actions: "Over the past four years, we have learned many lessons from incidents of compromise through intrusions. We've understood what methods work and where the shortcomings lie. Our goal is to truly lay the best possible foundation for the next administration and build upon that for success."

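The draft requires agencies and their industry customers to consider more carefully where their software comes from and how its security is vetted. For example, the Federal Acquisition Regulatory Council would be required to work with key technology and defense agencies to strengthen oversight of the secure software attestation language submitted by contractors. Under the order, the government must, by 2027, procure devices that carry the newly launched Cyber Trust Mark certification label. The mark is intended to inform consumers that applicable products meet certain government-vetted cybersecurity standards.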

Agencies also need to integrate their systems with endpoint detection and response (EDR) solutions, which are cybersecurity products specifically designed to monitor and respond to threats entering the network. Additionally, agencies must link their EDR data back to the Cybersecurity and Infrastructure Security Agency (CISA) so that the aggregated information can be used for threat hunting and incident response across the entire federal government. Last summer, a faulty software update in CrowdStrike's Falcon platform was pushed to millions of Windows computers, causing them to crash with the dreaded "blue screen of death." This incident affected multiple federal agencies as well as numerous companies and transportation hubs worldwide, sparking a surge in debates about endpoint solutions.

Space systems are also emphasized within this directive. For instance, the National Cyber Director will be tasked with drafting and submitting a research report that inventories existing space-to-ground connectivity systems, the information they manage, and recommendations for enhancing their cyber defenses. A senior Department of Defense official noted in May that ground-based space assets—such as mission control centers, launch facilities, and network equipment used for data transmission—are the most vulnerable to attacks. This is because protecting them from intrusions often requires basic cybersecurity measures that many organizations have yet to implement.

In addition, agencies need to strengthen internet and communication security. They must register their address resources with regional internet registries and issue Route Origin Authorizations (ROAs), which help secure internet routing through the Border Gateway Protocol (BGP). BGP is the backbone routing protocol used to determine the optimal path for data packets to travel across the network. For months, the White House has been working to secure this part of the internet amid growing concerns over BGP hijacking attacks, where hackers take over blocks of internet addresses by corrupting routing paths.

In terms of communication, agencies must encrypt their internet traffic, secure email connections with encryption and authentication, and enable encryption for tools such as voice calls, video conferences, and messaging applications. The directive states that end-to-end encryption should be used whenever possible to protect the privacy of sensitive conversations. Large-scale cyber intrusions into the global telecommunications networks of the U.S. and its allies have prompted officials to encourage Americans—especially high-value individuals such as politicians and government officials—to switch to encrypted messaging services, making it harder for hackers to extract sensitive intelligence from their conversations. Agencies have also recently issued internal communication guidelines.

The draft also touches on the cutting-edge field of post-quantum cryptography (PQC). To strengthen overall network encryption and prepare for fault-tolerant quantum computers, [agencies] are tasked with leading the regular updating of a list of software product categories that support post-quantum cryptography. Post-quantum standards aim to protect today's computers from future quantum devices capable of breaking current encryption methods. The draft directive instructs agencies to adopt hybrid or fully PQC approaches for generating and sharing keys, using standardized algorithms to safeguard data against quantum computer attacks while maintaining compatibility with existing systems. International cooperation in the post-quantum domain is also a key component. The Secretary of State, in collaboration with Commerce Department leadership, will identify and engage with specific foreign governments and industry groups to encourage their transition to algorithms standardized by the National Institute of Standards and Technology (NIST).

The directive also underscores the role of artificial intelligence in cyber defense. A key focus is leveraging AI software to swiftly identify and help patch cyber vulnerabilities, thereby strengthening cybersecurity efforts. For instance, the draft states that following the conclusion of the AI Cyber Challenge hosted by the Defense Advanced Research Projects Agency at a hacking conference, leaders from the Department of Energy, Department of Defense, and Department of Homeland Security will collaborate with critical infrastructure operators to launch a pilot program integrating AI into systems capable of detecting cyber vulnerabilities and threats in the energy sector. Additionally, the executive order mandates the Secretary of Defense, Secretary of Homeland Security, Director of National Intelligence, and Director of the Office of Management and Budget to incorporate AI software vulnerability management and incident response practices into their respective agencies' governance frameworks.

The draft also includes several digital identity initiatives. A few years ago, Biden pledged to issue an executive order specifically targeting fraud and identity theft in public benefits. That order has yet to be released, but the forthcoming cybersecurity decree will push agencies to increase the use of mobile driver's licenses to verify eligibility for public benefits. Some senior government officials are satisfied with the final content of the decree, particularly its technical sophistication. This executive order is a necessary step to protect the nation's cyber assets. Its strength lies in being more actionable than other executive orders. It highlights specific areas that don't always receive attention, such as the Border Gateway Protocol, even though AI rightly garners focus. This executive order truly emphasizes collaboration, action, and results.

It remains unclear whether the order will remain in effect after the Trump administration takes office. According to a knowledgeable source, throughout the drafting process, staff associated with Trump have been attempting to review the order alongside Biden officials and eliminate the parts they dislike. It is still unknown how these discussions are proceeding. Although specific approaches may differ, the necessity of securing government systems against cyber threats is often a bipartisan goal.

Author: Emma

An experienced news writer, focusing on in-depth reporting and analysis in the fields of economics, military, technology, and warfare. With over 20 years of rich experience in news reporting and editing, he has set foot in various global hotspots and witnessed many major events firsthand. His works have been widely acclaimed and have won numerous awards.
