Although Trump’s order eliminates a crucial component of Biden’s EO, the digital identity sections, and rolls back the EO’s required attestations for secure software development, it otherwise maintains the central provisions of the January order. Moreover, unlike the unusual and partisan fact sheet, the EO itself is a straightforward policy document devoid of political sniping.
“I’m pleased to see that there’s a lot of consistency between what was in the last administration’s order and what they’re going forward with,” Caitlin Clarke, a former senior cyber leader on the National Security Council and now a senior director for cybersecurity services at Venable LLP, told CSO. “For the most part, it’s fairly consistent in its view that cybersecurity is critical for federal networks and critical infrastructure networks, while driving forward some key actions that will help protect both federal and critical infrastructure networks.”
Rescinding Biden EO’s digital identity development section
Exploiting digital identities has become an increasingly popular way for threat actors to gain unauthorized access to otherwise highly protected networks and assets. Cybercriminals and nation-states can frequently penetrate systems undetected by posing as insiders or stealing legitimate credentials.
