Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Biden Administration Drafting EO to Help U.S. Gov’t Secure Digital Supply Chain
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Biden Administration Drafting EO to Help U.S. Gov’t Secure Digital Supply Chain

5 years ago David Bisson
Biden Administration Drafting EO to Help U.S. Gov’t Secure Digital Supply Chain

The Biden administration said it’s drafting an executive order to help the United States government better defend itself against digital supply chain attacks.

A Step Up for Federal Procurement

According to NPR, the executive order that’s being drafted will include several initiatives designed to strengthen the security of the United States’ digital supply chain.

Among those will be a new set of digital security requirements for companies that are looking to do business with the federal government.

“So essentially, federal government procurement allows us to say, ‘’If you’re doing business with the federal government, here’s a set of things you need to comply with in order to do business with us,’” Anne Neuberger, deputy national security adviser for cyber and emerging technology at the White House, told NPR in an exclusive interview.

That set of things could include a greater level of transparency in how developers create their products as well as proof that developers are using security best practices such as multi-factor authentication (MFA) and vulnerability management to harden their software.

Kiersten Todt, managing director of the Cyber Readiness Institute and a former Obama adviser on cyber issues, explained how important it is for the U.S. government to be clear about its security expectations regarding the private sector. As quoted by NPR:

The key here is we can’t just expect companies to be motivated to build secure software because it’s the right thing to do. Government has to be working with these companies to tell them what secure software looks like and give them the resources, and incentivize them to do so.

Otherwise, the U.S. government could have another SolarWinds-type event on its hands.

A Look Back at the SolarWinds Supply Chain Attack

In mid-December 2020, Tripwire VERT warned that an advanced persistent threat (APT) actor had inserted a backdoor into officially signed versions of SolarWinds’ Orion IT network management software.

Successful compromise by that malware enabled digital attackers to potentially gain complete access to an infected network.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted at that time that the SolarWinds backdoor posed “unacceptable risk to Federal Civilian Executive Branch agencies.” It thus mandated federal agencies to disconnect their affected devices and wait for further guidance before reconnecting those assets.

Over the next few months, however, news emerged about the supply chain attack having affected several federal departments and agencies including NASA, the Department of Homeland Security (DHS), the Department of Justice and the National Nuclear Security Administration.

The total number of organizations affected by the SolarWinds supply chain attack, including those in the federal government, was still unknown as of this writing.

In April 2021, the Biden Administration announced a new round of sanctions on Russia in response to allegations that Moscow was  ultimately responsible for the attack.

Those sanctions targeted 32 entities including Russian government and intelligence officers as well as companies that provided support to Russia’s digital attack operations, wrote Bloomberg.

As part of its decision to sanction Russia, the Biden Administration also expelled 10 Russian diplomats from Washington and barred U.S. financial institutions from participating in the primary market for new debt in Russia beginning on June 14.

Changes to Incident Response and Intel Sharing

Acknowledging the experience of SolarWinds, the Biden Administration is using its executive order to create something like a digital National Transportation Safety Board. The idea is for the U.S. government to use that entity or process to inspect the code and data logs of a successful digital attack to figure out what happened and to prevent it from happening again.

“What can we learn with regard to how we get advance warning of such incidents?” Neuberger told NPR. “What allowed it to be successful? Potentially, what allowed it to be broad, if it was, which sectors were affected? Why?”

The draft order will also include additional provisions that compel federal contractors to be open about successful digital attacks. With those new guidelines in place, the U.S. government can share relevant tactics, techniques and procedures (TTPs) among federal agencies and departments as well as with the private sector.

It’s currently unclear when an official draft of the executive order will be available to the public.

The post ” Biden Administration Drafting EO to Help U.S. Gov’t Secure Digital Supply Chain” appeared first on TripWire

Source:TripWire – David Bisson

Tags: APT, Goverment, TripWire

Continue Reading

Previous Researchers Uncover Iranian State-Sponsored Ransomware Operation
Next A Rust-based Buer Malware Variant Has Been Spotted in the Wild

More Stories

  • Data Breach
  • Vulnerabilities

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

5 hours ago [email protected] (The Hacker News)
  • Data Breach
  • Malware

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

8 hours ago [email protected] (The Hacker News)
  • Cyber Attacks

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More

10 hours ago [email protected] (The Hacker News)
  • Malware

Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

17 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

2 days ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Vulnerabilities

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

3 days ago [email protected] (The Hacker News)

Recent Posts

  • OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
  • DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
  • ⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
  • 3 SOC Process Fixes That Unlock Tier 1 Productivity
  • The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT