Biden’s Technology Legacy: Advancing AI, Cybersecurity

When President Joe Biden leaves office in January, he will leave behind a legacy of technology-forward policy priorities. The Biden administration supported artificial intelligence, cybersecurity and technology initiatives through executive orders, memos and other initiatives.

“To lead America, the land of possibilities, you need a vision for the future and what can and should be done,” Biden said during his final State of the Union address in March.

Evolving AI Policy

Biden signed the executive order on safe, secure and trustworthy AI in October 2023, which establishes a government-wide effort to guide responsible AI development and deployment through federal agency leadership, regulation of industry and engagement with international partners.

“This order builds on the critical steps we’ve already taken,” said Biden during the order’s unveiling. “With today’s executive order I’ll soon be signing, I’m determined to do everything in my power to promote and demand responsible innovation.”

Building off the Trump administration’s executive orders, the Biden document aims to ensure America leads the way in AI, while effectively managing associated risks. It establishes new standards for AI safety and security, protects Americans’ privacy, advances equity and civil rights, stands up for consumers and workers, promotes innovation and advances American AI leadership around the world.

“If the White House and executive branch achieve even half of the provisions, it will be a vital step forward to safeguard AI,” Heather Frase, senior fellow of AI assessment at Georgetown University’s Center for Security and Emerging Technology, told GovCIO Media & Research. “The next step beyond developing domestic standards and protections is ensuring that our allies and other countries around the world also adopt similar norms to enable interoperability and the benefits of AI–I’m hopeful that the UK AI Summit and other multilateral efforts like the G7 will carry forward the EO’s momentum.”

The administration touted the order’s safety provisions in connection to the White House’s civil rights priorities. The order calls for significant anti-bias safeguards, especially in the public health system, to ensure that AI development is not prejudiced against vulnerable populations.

“We already know that AI systems impose significant civil rights dangers in areas like health care and housing and hiring. In these areas and others, the president directs the development of new standards to manage these ethics,” said White House Special Advisor Ben Buchanan during a virtual White House press briefing about the order last year.

Since the executive order was signed, the administration expanded on its AI safety priorities and guidance. In March, the Office of Management and Budget (OMB) issued memo M-24-10, directing agencies to follow specific parameters around responsible AI development through governance, responsible innovation and risk management.

“AI can transform public service as the federal government increasingly adopts AI, we must also develop the federal government’s capacity,” said OMB Deputy Director Nani Coloretti. “The policy directs agencies to develop their existing workforces to help them take advantage of AI, and it extends the same safeguards for federal employees’ rights and safety that apply to the general public.”

In October, the White House built on the executive order with a national security-focused memo.  The document outlines the administration’s plans for accelerating the development and deployment of AI at the Defense Department and related agencies. The memo highlights the technology’s potential to “transform the national security mission” safely and tasks the National Institute of Standards and Technology’s (NIST) AI Safety Institute (AISI) with “private sector AI developers to facilitate voluntary pre- and post-public deployment testing for safety, security and trustworthiness of frontier AI models.”

“The [memo] also establishes guardrails for the use of AI in national security, a critical step for ensuring that the national security community can continue to rapidly innovate while protecting human rights and civil liberties,” Conrad Stosz, AISI head of policy, said of the memo.

With an increased AI presence in and around government, the administration built on its Presidential Management Agenda workforce priority by encouraging training and upskilling federal employees in AI. Officials said in April that agencies are addressing challenges like filling specialized AI positions while also upskilling existing staff.

“We’re taking the initiative to give them some foundational training, we’re not trying to make them experts,” said Energy Deputy CIO of Resource Management Steven Brand in April.

Additionally, the White House stewarded the CHIPS and Science Act through Congress and Biden signed it into law in August 2022. The law aimed to strengthen U.S. leadership in domestic semiconductor manufacturing and AI computing power.

“We’ll see materials for semiconductors that are co-optimized not only for performance, but that can now address important issues like supply chain resilience and critical sustainability, both for existing and known materials, but potentially for new materials that we’ve not even thought of before,” said White House Office of Science and Technology Policy Director Arati Prabhakar of the effects of the act on manufacturing and science.

Formalizing Cybersecurity Policy

Soon after taking office in 2021, Biden signed the “Executive Order on Improving the Nation’s Cybersecurity.” The order required agencies to identify and address vulnerabilities in their networks, implement endpoint detection and response systems to identify ongoing attacks and standardize their response protocols for cyber incidents. It also established deadlines for zero-trust implementation at agencies to buttress identity management and called for better information sharing about attacks.

“Many of these EO tasks are sprints to develop architectures or roadmaps, and these are the initial milestones that will set additional milestones that will commence multi-year journeys,” Cybersecurity and Infrastructure Security Agency (CISA) Deputy Assistant Director of Cybersecurity Matt Hartman said in 2021. “Many of the core issues being addressed will only be solved through years, literally years, of focus and investment.”

Renee Wynn, former NASA chief information officer, said that cybersecurity executive order and guidance set up the future for government in the evolving nature of cybersecurity.

“I saw the continuation of what we had been focused on under Trump’s first administration and I saw greater emphasis [on] innovation, digitization and … security were continued to be emphasized and broadened under the Biden administration,” Wynn told GovCIO Media & Research in an interview. “That is a sheer fact of the number of threats that are out there through it to the United States government and to us as individuals.”

Congress created the Office of the National Cyber Director through the National Defense Authorization Act for Fiscal Year 2021. Chris Inglis was confirmed by the Senate as the first national cyber director in June 2021, following a rise in cyberattacks on U.S. government and industry. The role focuses on developing a national cyber strategy, coordinating federal cyber efforts and improving response planning across agencies.

The executive order, Inglis said, clarified the national cybersecurity strategy implementation and shored up vulnerabilities.

“The foundational elements that [the order] called for – things like multi-factor authentication, reliable asset inventories, the universal use of encryption, adopting a zero-trust architecture – are long wanting,” Inglis told GovCIO Media & Research in a 2022 CyberCast  interview. “We needed these for quite some time. And it’s high time that we not simply specified them but mandated them.

The White House released its cybersecurity strategy in 2023 and updated it in 2024. Unlike previous strategies, this plan shifted the primary responsibility for cybersecurity away from individuals, small businesses and local governments, placing a greater burden on larger institutions instead. Cyber Director Harry Coker touted the successes of the plan, saying that agencies completed 92% of the initial 36 initiatives by the second quarter of 2024.

“These documents are synergistic. From the bill to the strategy to the implementation plan to [the memoranda], each is building on and reinforcing the work of the past,” Coker said in May. “This is what coherence looks like. And it extends to resourcing as well.”

The cybersecurity executive order and strategy both call for zero trust as a cornerstone of government cyber defenses. At the Defense Department, the zero-trust strategy released in is “a really big deal for everybody involved,” Randy Resnick, director of the DOD Zero Trust Portfolio Management Office told GovCIO Media & Research in 2023.

“I was very, very pleased with the content [of the strategy], said Resnick. “This is, this is a big achievement for the DOD and it’s a big move from cybersecurity perspective.”

Indo-Pacific Command Executive Director for Coalition Communications and Deputy CIO Paul Nicholson said that zero-trust implementation also requires collaboration.

“The technology is not the hard part,” Nicholson said in 2023. “It is that commonality of how we agree to share information and protect information … It involves a lot of players.”

The administration’s cybersecurity priorities reflect the changing environment, Wynn said.

“Everybody is just learning how to manage cybersecurity better, how to have the right posture and continue to provide services. That’s one angle of what I’ve seen under the Biden administration,” said Wynn. “As I look to the future, I would anticipate that to continue.”

Defense Technology for the Future

The Biden administration supported technology to protect expanding attack surfaces – in both the kinetic and cyber domains. Under Secretary of Defense (Comptroller) and Chief Financial Officer Mike McCord said that the administration strengthened the national security technology landscape, despite budget and workforce challenges.

“I look back on a strong record that leaves the institution stronger than we found it … stronger, especially on civil military relations,” McCord said at the PSC Vision 2024 event last month. “The new team coming in, I think, has a real opportunity to build on the progress that we’ve made.”

Similarly, edge computing, cloud computing and data processing are progressing at the Defense Department. The Air Force is tackling the challenge of balancing tactical edge connectivity with zero-trust security for the battlefield, Air Force Research Laboratory Chief Scientist Mark Linderman.

“The big thing that’s changing is the amount of processing that we can bring to the edge,” Linderman said earlier this year. “In our everyday lives, we have the unimaginable capacity of cloud computing at our fingertips – seeming endless amounts of unlimited bandwidth so we can do things like stream Netflix wherever we are. But in the tactical battlespace, that’s not the case. The compute that we have access to might be the compute that we brought with us.”

Spectrum strategy was critical for tech policy during the Biden term. This year, the administration released strategies for 5G deployment, including a new document this fall that outlines DOD’s private 5G deployment toward secure, scalable wireless networks for warfighters and CJADC2 initiatives.

“We must leverage emerging and advanced technologies to become more efficient, effective, automated and sustainable,” wrote Leslie Beavers, acting Defense CIO, in the document. “This includes a global interconnected communications network that is robust, high performing, secure, agile and resilient-designed to accommodate scalability, rapid adaptation for war, and rapid reconstitution.”

The private DOD strategy highlights open radio access networks (Open RAN). Open RAN is key to DOD’s 5G strategy, DOD 5G Cross Functional Team Director Juan Ramirez told GovCIO Media & Research.

“The CFT is looking at policies, are looking at directives and standards, that are more secure,” said Ramirez. “There’s a whole slew of things that we’re working on to ensure that, as we deploy Open RAN … that we are working with trusted vendors.”