WHAT THEY ARE SAYING: Cybersecurity Experts, Software Industry Praise President Biden's Executive Order to Improve the Nation's Cybersecurity

Jim Lewis, Senior Vice President and Director, Strategic Technologies Program at CSIS: These changes are long overdue and will significantly improve cybersecurity across the board. The EO goes right to the heart of the problem - the mix of poor cyber hygiene and buggy code. Using the government buying power FAR [Federal Acquisition Regulation] to create incentives for better hygiene and code will make life harder for hackers.

Kiersten Todt, Managing Director, The Cyber Readiness Institute: The Executive Order is a prescriptive and much-needed roadmap for addressing the most pressing cybersecurity challenges our nation is confronting. I am encouraged by how the federal government will lead by example in ensuring baseline cybersecurity standards across agencies, as well as by how the Administration is tying its engagement with the private sector to the quality of security it expects from industry.

Steve Lipner, Executive Director, SAFECode: The only way to ensure the security of the software we all rely upon is for development organizations to build it using secure development and supply chain processes. Today's Executive Order builds upon the efforts of NIST, SAFECode and others and brings nearly two decades of industry work in software security to the ongoing fight to secure our national critical infrastructure. SAFECode looks forward to working with other stakeholders as its specific guidelines and policies are created and refined.

Nikesh Arora, Chairman and CEO, Palo Alto Networks: We applaud today's executive order to strengthen our national cyber defense. The EO prioritizes the critical areas of securely modernizing Federal IT, strengthening software supply chain security and fostering Zero Trust adoption. Palo Alto Networks will continue to work with the U.S. government to transition these policies into actionable outcomes.

Kelly Bissell, Senior Managing Director of Accenture Security: We applaud President Biden for issuing the most significant cybersecurity policy directive we have seen. Today, with this EO, we begin on a new path—one where governments and businesses can make faster, more informed decisions around the emerging threats, become more consistent, buy more secure products—and be more cyber resilient. Tomorrow the hard work begins. We are committed to bring our thousands of critical infrastructure clients together to shape the details to ensure that the vision for a more secure America becomes a reality.

Ari Schwartz, Executive Coordinator, Cybersecurity Coalition: The Cybersecurity Coalition welcomes the Biden Administration's new Executive Order aimed at improving the security of federal agencies is both ambitious and necessary. It creates several strategic initiatives that have been needed to better protect America from cyber attacks for many years and several more where the need has just become evident.

Aaron Cooper, Vice President, Global Policy at BSA | The Software Alliance: We're impressed by the breadth and boldness of today's Executive Order, which takes an important step toward ensuring that the software the government procures is developed and deployed in line with security best practices. Two years ago, BSA released our Framework for Secure Software to guide sound security policies. As the pace of digital transformation has continued to accelerate, thoughtful cybersecurity guidelines are more important than ever to protect our health and safety. We support the Order's outcome-based approach, and we are pleased to see the central role NIST will play in identifying and developing appropriate software security frameworks. We look forward to working with the Administration on implementation and to promoting software security practices both in and out of the government.

J. Michael Daniel, President & CEO, Cyber Threat Alliance: The Biden Administration is taking a significant step forward with this Executive Order. It directly addresses some long-standing cybersecurity weaknesses within the Federal government, and it will provide CISA with more of the tools and data it needs to carry out its mission of protecting Federal civilian agencies in cyberspace. The section on secure software development may take time to bear fruit but will ultimately pay significant dividends – in the long run, we must make our software more secure by design. The EO also creatively implements some useful ideas, such as standing up a joint public-private Cyber Safety Board under DHS's Critical Infrastructure Partnership Advisory Council authority. Overall, this EO will have a positive effect on the Federal government's cybersecurity. The private sector should do its part to support the EO's implementation.

Jason Oxman, President and CEO, Information Technology Industry Council (ITI): The ongoing threat of significant cyber intrusions underscores the importance of government and industry working together. We appreciate the focus on public-private collaboration in this Executive Order and its meaningful steps to modernize and streamline federal information systems, networks, and supply chains. We look forward to working with the Biden-Harris Administration to ensure that federal agencies and contractors have the proper resources and support to ensure that U.S. cybersecurity objectives are advanced while minimizing any potential impacts on privacy, civil liberties, and U.S. competitiveness.