“One of the key challenges of implementing this is the capability of government agencies to project, monitor it and ensure vendors are held accountable,” pointed out Yugal Joshi, partner at Everest Group. “It is highly unlikely that governments have staff who understands AI-led cybersecurity and can drive these initiatives.”
“In addition,” Joshi added, “in many cases, the legacy platforms in the government may not allow such innovation or may entail significant spending to adopt these. Given the financial stress on the US government, it will be interesting to witness how this is addressed.”
Impact on private vendors
To address long-standing issues with insecure software, the order requires vendors supplying software to federal agencies to adhere to strict secure development practices. Under the directive, vendors must provide documentation proving compliance, to be evaluated by the Cybersecurity and Infrastructure Security Agency (CISA) as part of its software attestation program, the report said.
