Executive Order to Beef Up Software Security.

Author: Tadjdeh, Yasmin
Position: Algorithmic Warfare

Following major cybersecurity attacks targeting government agencies and critical infrastructure, President Joe Biden released a far-reaching executive order in May to curb breaches.

"The federal government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life," the order said.

A key component of the "Executive Order on Improving the Nation's Cybersecurity" is to better fortify software systems. It noted that the development of commercial software often lacks transparency and sufficient focus on the ability of the software to resist attacks.

"There is a pressing need to implement more rigorous and predictable mechanisms for ensuring that products function securely, and as intended," the order said. "The security and integrity of critical software--software that performs functions critical to trust such as affording or requiring elevated system privileges or direct access to networking and computing resources--is a particular concern."

The directive will establish baseline security standards for the development of software sold to the government, as well as requiring developers to ensure greater visibility into their platforms and making security data publicly available, according to the White House.

Additionally, it will launch a pilot program that will create an Energy Star type of label so government personnel can quickly determine whether software was developed securely, according to a fact sheet from the White House. Energy Star is a government-backed symbol for energy efficiency that is run by the Environmental Protection Agency.

James Andrew Lewis, director of the Center for Strategic and International Studies' Strategic Technologies Program, said software security is the centerpiece of the executive order.

"The other parts are important, too," he said. "But this is the one that could have the biggest effect."

Anne Neuberger, deputy national security advisor for cyber and emerging technology at the National Security Council, said the Biden administration wants to create a demand signal for secure software.

The executive order has "some key pieces that were meant to jump-start the broader market for secure software, clearly using the power of federal government procurement to drive security in the software everybody uses," she said in May during an event hosted by CSIS.

The executive order is aimed at putting "our money where our mouth is" and only...
