Get details on this new cybersecurity Executive Order and its implications.
The White House released an Executive Order (EO) today, January 16, 2025, one of President Biden’s final orders. Titled “Strengthening and Promoting Innovation in the Nation’s Cybersecurity,” it focuses on cybersecurity and requires 52 agency actions.
This EO marks a pivotal moment for national cybersecurity. By focusing on post-quantum cryptography (PQC), artificial intelligence (AI), and the Internet of Things (IoT), it addresses emerging threats while advancing the standards for secure software development.
The Order states that, “Adversarial countries and criminals continue to conduct cyber campaigns targeting the United States and Americans, with the People’s Republic of China presenting the most active and persistent cyber threat to United States Government, private sector, and critical infrastructure networks. These campaigns disrupt the delivery of critical services across the Nation, cost billions of dollars, and undermine Americans’ security and privacy. More must be done to improve the Nation’s cybersecurity against these threats.”
The EO contains nine sections requiring actions in the next several years in the following areas:
- Policy
- Operationalizing Transparency and Security in Third-Party Software Supply Chains
- Improving the Cybersecurity of Federal Systems
- Securing Federal Communications
- Solutions to Combat Cybercrime and Fraud
- Promoting Security with and in Artificial Intelligence
- Aligning Policy to Practice
- National Security Systems and Debilitating Impact Systems
- Additional Steps to Combat Significant Malicious Cyber-Enabled Activities
Of particular note in this Executive Order is its emphasis on the software supply chain and on AI.
On software security, the Order notes “The Federal Government and our Nation’s critical infrastructure rely on software providers. Yet insecure software remains a challenge for both providers and users and makes Federal Government and critical infrastructure systems vulnerable to malicious cyber incidents. The Federal Government must continue to adopt secure software acquisition practices and take steps so that software providers use secure software development practices to reduce the number and severity of vulnerabilities in software they produce.”
On AI, the EO states, “Artificial intelligence (AI) has the potential to transform cyber defense by rapidly identifying new vulnerabilities, increasing the scale of threat detection techniques, and automating cyber defense. The Federal Government must accelerate the development and deployment of AI, explore ways to improve the cybersecurity of critical infrastructure using AI, and accelerate research at the intersection of AI and cybersecurity.”
Software supply chain security
In light of the Treasury Department breach in December 2024, in which a Chinese state-linked group compromised a third-party remote-support vendor (BeyondTrust) and used that access to reach Treasury systems, the EO has a particular focus on the software supply chain.
Notably, it expands the focus and definition of “software security.” It states that “secure software development practices are not sufficient to address the potential for cyber incidents from resourced and determined nation-state actors. To mitigate the risk of such incidents occurring, software providers must also address how software is delivered and the security of the software itself.”
The order mandates an update to NIST’s Secure Software Development Framework (SSDF, NIST SP 800-218) within 180 days that “shall include practices, procedures, controls, and implementation examples regarding the secure and reliable development and delivery of software as well as the security of the software itself.”
The order requires that software providers selling to the federal government follow more robust secure development standards and be able to demonstrate compliance with them.
Notably, the order calls for attestations of SSDF compliance to be submitted in a machine-readable form, so that they can be validated centrally and automatically rather than reviewed by hand. This is a major step toward more efficient and transparent security practices.
Attestations that “fail validation” could be referred to the Attorney General for “action as appropriate.”
AI risks
This Executive Order includes requirements both to investigate AI for use in cyber defense and to secure AI systems themselves, restating the goal quoted above to “accelerate research at the intersection of AI and cybersecurity.”
Within 150 days, the order requires agencies to prioritize research on:
- “Human-AI interaction methods to assist defensive cyber analysis;
- Security of AI coding assistance, including security of AI-generated code;
- Methods for designing secure AI systems; and
- Methods for prevention, response, remediation, and recovery of cyber incidents involving AI systems.”
Implications of the EO
The Executive Order reinforces the nation’s cybersecurity defenses by requiring stronger threat detection and response visibility, regular security assessments, and robust identity and access controls for federal systems. It underscores the importance of public-private collaboration on threat intelligence sharing, so that cyber defense is coordinated and proactive rather than reactive.
Critical infrastructure sectors, including energy, water, and healthcare, receive special focus through resilient security frameworks and rapid response protocols. These measures are designed to mitigate risk and keep critical services running during a cyber incident. The order also emphasizes workforce development, calling for investment in cybersecurity education, and international collaboration to address global threats.
How Legit solutions map to the EO
Legit Security is well positioned to support organizations in navigating these changes. Our platform helps organizations identify and secure the entire software factory, not just the source code, in line with the order’s broadened definition of software security. It also identifies AI in use in software development and alerts organizations when it is used in risky ways. Finally, Legit simplifies the validation and automation of compliance attestations, including SSDF and the CISA Secure Software Development Attestation, offering continuous visibility across the software lifecycle while significantly reducing the burden of collecting control and audit evidence.
Mandating secure software development practices
What’s new: The EO mandates secure software development practices, requiring providers to:
- Attest to secure development processes.
- Provide compliance artifacts per OMB guidance.
How Legit helps:
- Automated compliance: Legit automates adherence to NIST’s Secure Software Development Framework (SSDF) and OMB requirements.
- Comprehensive attestations: We generate audit-ready evidence, mapping security controls and validating compliance throughout the SDLC.
- Streamlined governance: By embedding security controls into developer workflows, we reduce posture drift and ensure consistent compliance.
Focus on software supply chain integrity
What’s new: Emphasis on safeguarding software supply chains to mitigate risks from open-source and third-party software vulnerabilities.
How Legit helps:
- Unified AppSec management: Legit integrates application security across the entire software supply chain.
- Open-source risk management: We provide tools to assess, patch, and remediate vulnerabilities in open-source components, aligned with DHS and CISA guidelines.
- Real-time visibility: Our platform delivers complete visibility into the SDLC, enabling organizations to detect and address risks proactively.
Promoting AI security
What’s new: Emphasis on both use of AI in cybersecurity and security of AI itself.
How Legit helps:
- Identification of AI use: Legit provides a full view of the development environment, including code produced by AI coding assistants (e.g., GitHub Copilot).
- Enforcing policies: Legit Security detects LLM and GenAI use in development and enforces organizational security policies, such as requiring that all AI-generated code be reviewed by a human.
- Stopping vulnerabilities: Legit’s platform provides guardrails to prevent the deployment of vulnerable code to production, including that delivered via AI tools.
Learn more
As the outgoing and incoming Administrations continue to refine their cybersecurity agendas, Legit Security remains at the forefront, enabling organizations to adapt to new regulations, enhance their security posture, and proactively defend against emerging threats.
Learn more about Legit’s solutions.