Caleb Skeath and Ryan Burnette’s commentary was included in a Bloomberg Law article on the Biden administration’s issuance of an executive order that would require federal software vendors to prove they meet heightened cybersecurity standards. Caleb tells Bloomberg Law that the order, if fully implemented, could force a “paradigm shift” in companies’ minimum security standards.
Caleb also notes that despite the order’s overall focus on government contractors, “it’s still very much worth keeping an eye on for private sector entities more broadly.” That spillover into private industry may even achieve “some of the administration’s goals of uplifting cybersecurity practices overall.” Following the executive order, and if the Cybersecurity and Infrastructure Security Agency’s (CISA) proposed rules implementing the Cyber Incident Reporting for Critical Infrastructure Act are finalized in their current form, CISA is “going to be serving as a central hub for receiving and disseminating what I think we anticipate is going to be a very broad array of incident-related information,” Caleb said.
Ryan added that the executive order is “an iterative approach. What we’re really seeing is the government starting to put teeth into the program that it put in place.” He also said that “what we’re seeing now is, I think, the government starting to think about enforcement.”