Biden to Strengthen Cybersecurity Standards Amid Rising Chinese Hacking Threats

In response to increasing cyber threats linked to China, President Joe Biden is set to issue a new executive order mandating stricter cybersecurity standards for federal agencies and contractors. The move, expected in the coming days, aims to bolster defences against persistent cyber intrusions targeting critical U.S. infrastructure, government systems, and private enterprises.

A Growing Threat
The Biden administration has faced several high-profile cyberattacks during its tenure, many attributed to Chinese-linked actors by the U.S. government and cybersecurity experts. These attacks have targeted sectors including telecommunications, government email systems, and, most recently, the U.S. Treasury Department. Beijing has consistently denied involvement in these incidents.

“The threat is immediate and pervasive,” said Tom Kellermann, senior vice president of cyber strategy at Contrast Security. “We’re dealing with an insurgency across critical infrastructure and U.S. government agencies, driven by Chinese and Russian cyber activities.”

Key Provisions of the Order
The draft of the executive order outlines measures to enhance secure software development practices. Key requirements include:

• Secure Software Documentation: Vendors will need to provide attestations demonstrating compliance with secure software development standards.
• CISA Validation: The Cybersecurity and Infrastructure Security Agency (CISA) will evaluate these attestations. Failures may be referred to the attorney general for further action.
• Cloud Security Measures: The order also calls for guidelines to securely manage access tokens and cryptographic keys used by cloud providers—a method exploited by Chinese-linked hackers in a May 2023 breach of U.S. government email accounts, according to Microsoft.

Urgency vs. Implementation
While experts have lauded the administration’s efforts, some have raised concerns about the timelines outlined in the order.

“The timelines seem arbitrary given the immediacy of the threats,” Kellermann said, emphasising that these cyber threats are already affecting U.S. infrastructure and systems.

Brandon Wales, vice president of cybersecurity strategy at SentinelOne and a former top CISA official, noted the order builds on ongoing efforts over the past five years. He described China as a “pacing threat” driving the urgency across government agencies but stressed the importance of addressing a wider array of cyber risks.

“It makes sense to continue to look for ways to get the most value out of capabilities that have been built over the past two administrations,” Wales said.

A Broader Shift in Cybersecurity Policy
The order is part of a broader push by the Biden administration to strengthen the nation’s cybersecurity resilience. It follows previous initiatives aimed at protecting critical infrastructure, enhancing public-private partnerships, and increasing investment in cybersecurity research.

As China, Russia, and other state and non-state actors refine their cyber capabilities, the U.S. government’s focus on proactive defence is likely to intensify. The forthcoming executive order underscores the urgency of addressing these challenges and ensuring robust security measures are in place to safeguard federal systems and critical infrastructure.

What’s Next?
With the executive order imminent, vendors and federal agencies are expected to step up efforts to meet the new cybersecurity requirements. The mandate to improve software security practices and secure cloud infrastructure reflects a growing recognition of the need for comprehensive and immediate action against evolving cyber threats.

As Biden prepares to leave office, this initiative is poised to serve as a cornerstone of his administration’s cybersecurity legacy, setting the stage for continued advancements in safeguarding the nation’s digital assets.