President Donald Trump on his last full day in office issued an executive order aimed at the use of cloud computing products for malicious cyber operations against the United States.
The order addresses the use of United States Infrastructure as a Service (IaaS) products, a type of cloud computing, by foreign malicious cyber actors.
“Foreign actors use United States IaaS products for a variety of tasks in carrying out malicious cyber-enabled activities, which makes it extremely difficult for United States officials to track and obtain information through legal process before these foreign actors transition to replacement infrastructure and destroy evidence of their prior activities; foreign resellers of United States IaaS products make it easier for foreign actors to access these products and evade detection,” he added. “This order provides authority to impose record-keeping obligations with respect to foreign transactions.”
Trump is ordering the Commerce Department to draft regulations that require U.S. IaaS providers to verify the identity of a foreign person that obtains an account.
The order also authorizes the Secretary of Commerce to ban or restrict accounts by any foreign person in a foreign nation “found to have any significant number of foreign persons offering U.S. IaaS products used for malicious cyber-enabled activities,” or by any U.S. IaaS provider for or on behalf of a foreign person.
The Secretary of Commerce is further authorized to ban or restrict accounts in the United States by any U.S. IaaS provider for or on behalf of a foreign person “if such an Account involves any such foreign person found to be offering United States IaaS products used in malicious cyber-enabled activities or directly obtaining United States IaaS products for use in malicious cyber-enabled activities.”
National security adviser Robert O’Brien said that Trump’s action is a “major step” in giving U.S. network defenders and investigators an advantage in protecting the American people.
“By gaining access to United States IaaS products, foreign actors can steal the fruits of American innovation and prepare destructive attacks on our Nation’s critical infrastructure with anonymity. Malign actor abuse of United States IaaS products has played a role in every cyber incident during the last four years, including the actions resulting in the penetrations of United States firms FireEye and Solar Winds.”
The order comes after a massive hacking campaign in late 2020 that breached federal government networks through inserting malicious code into software updates for SolarWinds’ Orion network management software. SolarWinds technology is used by all five branches of the U.S. military and numerous government agencies.