
Security News
Astral Launches pyx: A Python-Native Package Registry
Astral unveils pyx, a Python-native package registry in beta, designed to speed installs, enhance security, and integrate deeply with uv.
Sarah Gooding
January 21, 2025
Executive orders have been flying off the pen in recent weeks, including a significant one focused on strengthening US cybersecurity infrastructure. In the final days of his administration, President Joe Biden issued a comprehensive executive order titled "Strengthening and Promoting Innovation in the Nation’s Cybersecurity."
Signed on January 16, 2025, this directive introduces new measures to improve transparency in software supply chains, promote secure development practices, integrate AI into cybersecurity defenses, and prepare for threats posed by advanced technologies like quantum computing. The order is aimed at government agencies and contracted software providers, but offers a glimpse into the government’s priorities for advancing cybersecurity innovations.
After the administration change, the original document is now only available via the Internet Archive. It cites adversarial countries and criminals, including the People’s Republic of China as the most active and persistent threat to the US government, private sector, and critical infrastructure networks, as the impetus for the order. These malicious campaigns disrupt critical services and “cost billions of dollars, and undermine Americans’ security and privacy.”
Agencies are directed to enforce stricter requirements for software providers, ensuring secure development practices and the submission of attestations to the Cybersecurity and Infrastructure Security Agency (CISA). The order frames this in terms of both software vulnerabilities and malicious cyber incidents:
Operationalizing Transparency and Security in Third-Party Software Supply Chains. (a) The Federal Government and our Nation’s critical infrastructure rely on software providers. Yet insecure software remains a challenge for both providers and users and makes Federal Government and critical infrastructure systems vulnerable to malicious cyber incidents. The Federal Government must continue to adopt secure software acquisition practices and take steps so that software providers use secure software development practices to reduce the number and severity of vulnerabilities in software they produce.
Within 30 days, the Director of OMB, in collaboration with NIST and CISA, must propose rules requiring software providers to:
These submissions will go to CISA’s software repository for oversight.
Federal agencies are tasked with integrating AI models into cyber defense strategies, launching pilot programs for critical infrastructure, and promoting security with and in artificial intelligence:
Artificial intelligence (AI) has the potential to transform cyber defense by rapidly identifying new vulnerabilities, increasing the scale of threat detection techniques, and automating cyber defense. The Federal Government must accelerate the development and deployment of AI, explore ways to improve the cybersecurity of critical infrastructure using AI, and accelerate research at the intersection of AI and cybersecurity.
The order introduces set timelines for each of the initiatives, including 150 days for the Departments of Commerce, Energy, Homeland Security, and the National Science Foundation, to prioritize research on:
In recognition of the critical role open source software plays in federal information systems, the government is also making key recommendations to guide agencies on managing and contributing to these ecosystems.
To help the Federal Government continue to reap the innovation and cost benefits of open source software and contribute to the cybersecurity of the open source software ecosystem, agencies must better manage their use of open source software.
Within 120 days, the Secretary of Homeland Security (via CISA) and the Director of OMB are expected to provide recommendations to federal agencies, covering the following:
This wide-ranging order covers a number of other federal security concerns, including cybersecurity threats in space, the transition to post-quantum cryptography, and initiatives to strengthen federal systems and communications.
The issuance of this executive order just days before the transition to President Donald Trump's administration raises questions about its future implementation. While cybersecurity has traditionally garnered bipartisan support, the incoming administration may choose to review, modify, or rescind the order based on its policy priorities. Deputy National Security Adviser Anne Neuberger expressed optimism in an interview with AP News, stating that the order's objectives of strengthening cybersecurity and holding malicious actors accountable should resonate across party lines.
For organizations and cybersecurity professionals, the order signals a clear direction: compliance with higher standards, leveraging emerging technologies like AI, and preparing for quantum resilience are no longer optional but necessary for navigating the future of digital security.