Yesterday’s Biden White House executive order on cybersecurity is causing a kerfuffle. Across 10 separate sections, it requires sweeping changes to how federal agencies work, aiming to improve the U.S. government’s security.
And, by extension, ours. In today’s SB Blogwatch, we wait to see what happens next.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Lynch says hello to Judy.
What’s the craic? Cynthia Brumfield reports: White House goes all out in final, sweeping cybersecurity order
“Embraced by the Trump administration”
The ambitious final executive order requires 52 agency actions to bolster cyber protections and counter adversaries, including a new plan to address spiraling digital identity theft. [It] is a fitting end to a string of decisive executive actions by the administration, starting with a May 2021 executive order spurred by the shocking ransomware attack on Colonial Pipeline. It is also a helpful step forward for the incoming Trump administration as it grapples with the spiraling cyber threats from … cybercriminal groups [and] nation-state adversaries, particularly China.
…
Perhaps one of the most critical … is the section requiring the adoption of digital identities to fight cybercrime and fraud. [It] reflects an earlier promised, separate executive order on identity theft teased by Biden in his 2022 State of the Union address, which ultimately failed to materialize. [It] strongly encourages “the use of digital identity documents.”
…
It’s unclear how much of Biden’s last-minute executive order will be embraced by the Trump administration. … The chief factor determining how much of the EO is accepted or rejected by the Trump administration is who will ultimately be named to fulfill the top cybersecurity policy positions at the White House, at … CISA, and elsewhere in the federal government.
What else? Jonathan Greig gives us more: Ransomware sanctions, software security among key points
“End-to-end encryption”
Much of the document focuses on leveraging the U.S. government’s $100 billion dollars of annual government IT procurement to force companies into producing more secure products, deploying artificial intelligence more broadly and adopting post-quantum technology. … It amends the U.S. government’s sanctioning authorities so that agencies can better target ransomware gangs, [lowering] the bar for what can be sanctioned.
…
The order requires software suppliers to the federal government to prove they are using secure development practices when creating their products and establishes initiatives that will validate the proof. … Agencies will be required to implement phishing-resistant authentication technologies and use end-to-end encryption … with “quantum resistant” methods.
There it is again. Six weeks ago, I told you hell had frozen over—and now this. grajaganDev is pleasantly surprised:
Nice to see that the US gov’t is endorsing encryption instead of fighting it.
Sounds ambitious. Noah Stanford and Ian Eldred Pudney break it down: Biden’s Executive Order on Cybersecurity
“The whole market shifts”
This is probably the most comprehensive cybersecurity executive order we’ve seen, targeting systemic vulnerabilities in federal systems while pushing industry toward better security practices. But what strikes you immediately is the sheer ambition. … It’s an attempt to rewire the entire federal security architecture. Which makes sense given the context: China’s running increasingly sophisticated cyber operations, software supply chains are a mess, and our infrastructure security hasn’t kept pace.
…
What’s really happening is a fundamental shift in how government approaches security architecture. They’re moving from point solutions to system-level thinking. From compliance to operational security. From checkbox audits to continuous verification. … You can’t patch your way out of systemic vulnerabilities.
…
When federal procurement requirements change, the whole market shifts. Every major software vendor is going to have to rethink their security practices.
Is this democracy? Or lawmaking by fiat? organgtool explains the civics:
Executive Orders [are] basically just directives that provide consistency within the executive branch by detailing the expectations of the president to all executive agencies. All of those agencies are still bound to the Constitution and all laws created by the legislative branch, which can’t be overridden by EOs.
Seems like an awful lot of bureaucratic mumbo jumbo. Lazlo Woodbine fingers the problem:
The problem with the US is that Government is set up [so] it’s almost impossible to get any real work done.
But could this work? u/Round-Walk7165 claims to be a security manager:
The biggest impact I see here is it gives a lot of additional visibility to CISA. The ability to see EDR logs for all of the federal government is both an amazing source of intel and an additional layer of detection / response that could help during a significant incident. I also like the emphasis on using AI more for defensive operations, but we’ll have to wait to see if anything substantial comes out of that.
Not everyone’s a fan, obvs. Seven Spirals offers their own TL;DR:
The government says it needs more government to govern “because hackers”. Yeah, I’m shocked yawn. Does it stop the terrorists and protect the children, too?
…
Hopefully, this EO gets taken out and shot.
Meanwhile, u/SchruteFarmsInc does not sound optimistic:
What are the odds this is torched in a few days out of spite by the incoming administration?
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Gage Skidmore (cc:by-sa; leveled and cropped)