Impact of the Executive Order on Software Supply Chain Security, AI and Machine Identities
Cybersecurity is no longer just a niche issue tucked away in back-office conversations. It’s a mission-critical priority, emphasized at the highest levels, including the White House. Amid escalating cyberattacks on critical infrastructure, government agencies and private enterprises, the importance of secure digital identities has been laid bare.
In his last days in office, President Biden took one notable step toward bolstering defenses by issuing a White House Executive Order on Improving the Nation’s Cybersecurity. This landmark directive highlights a pressing need to strengthen digital infrastructures, emphasizing key principles such as Zero Trust architectures and advanced threat detection capabilities.
Among its many recommendations and mandates, the executive order underscores a lesser-discussed yet critical aspect of cybersecurity: non-human identities—more generally known as machine identities. These often-overlooked digital identifiers are becoming an essential element of cybersecurity strategies, and their significance continues to grow as the complexity of IT systems rises. The executive order places a long-overdue spotlight on machine identities and their pivotal role in safeguarding our digital assets.
In particular, the latest executive order elevates critical implications of machine identities in software supply chains, artificial intelligence (AI) and quantum cryptography. With cyberthreats scaling new heights, especially with the advent of AI-driven vulnerabilities, the order outlines ambitious objectives to mitigate risks, secure infrastructure and bolster confidence in technology-driven operations.
What Are Machine Identities?
Before exploring the significance of machine identities highlighted in the executive order, it’s essential to understand what they are and why they are critical. Much like humans require identification to access systems and resources (think usernames and passwords), machines also require a means of authentication to communicate securely—these are known as machine identities. They involve technologies such as digital certificates, cryptographic keys and tokens, which serve as unique identifiers for devices, servers, applications, containers and even software processes.
Machine identities ensure that the machines interacting within a network are authorized and secure. They are a foundational element of trust in digital interactions, enabling encrypted communication and ensuring that sensitive data remains protected. However, the rapid expansion of cloud computing, IoT devices, APIs and microservices is causing exponential growth in the number of machine identities in use.
The challenges of managing and securing these identities have become a top concern, especially as cyberattacks increasingly target them. This evolving reality is exactly why the White House’s executive order comes at a critical juncture.
What the Executive Order Implies for Machine Identities
The executive order, issued in response to high-profile breaches, aims to strengthen the United States’ cybersecurity posture. It outlines mandates for federal agencies and contractors to adopt modern security frameworks, improve threat detection and enhance incident response capabilities—many of which involve machine identities.
As I mentioned before, machine identities are one of the pillars in securing the modern internet. However, these mechanisms are often poorly managed or misused, creating opportunities for attackers. The executive order mandates standards that strengthen machine identity security, particularly in safeguarding critical access points.
Let’s take a look at how the order addresses software supply chain security, AI and quantum computing.
Securing Software Supply Chain: A National Security Imperative
The global software supply chain underpins nearly every critical system. Its vulnerabilities pose significant risks not just to the private sector but also to national security. The executive order emphasizes the need for secure software acquisition practices, dependable infrastructure and adherence to rigorous guidelines like the NIST Secure Software Development Framework (SSDF) Special Publication 800-218.
Modern software development often pulls code and dependencies from multiple sources worldwide. This practice makes verifying the origin (or provenance) of code crucial for ensuring its security. Agencies and organizations must implement robust identity controls that track who authored code and protect its integrity during development and deployment.
“This push for supply chain security and certification will impact the development of AI and require that the same security controls apply there,” explains Kevin Bocek, SVP of Innovation at CyberArk. “This is huge since the impact and requirements to secure the entire software supply chain will affect commercial software from mobile apps to enterprise software.”
AI for Cyber Defense and Risk Management
Section 6 of the executive order highlights the critical role of AI in transforming cyber defense. From rapidly identifying vulnerabilities to automating threat management, AI can be a powerful enabler for security teams. Key initiatives, such as DARPA’s 2025 Artificial Intelligence Cyber Challenge and pilot programs spearheaded by the Department of Energy and Defense, focus on utilizing AI to bolster cybersecurity in critical infrastructure sectors like energy.
However, while AI offers immense promise, it also introduces new challenges. Securing the very AI systems that enhance defense is just as crucial as using AI to fight threats. Malicious use or breaches of AI systems can result in catastrophic consequences, which makes protecting and auditing identity a critical area.
AI also augments Identity Threat Detection and Response (ITDR) capabilities, giving organizations real-time insights and predictive analytics for improved risk decisions. This holistic approach—securing AI, defending against AI misuse and employing AI for proactive security—is necessary to effectively mitigate threats from potential adversaries.
Preparing for Post-Quantum Cryptography
A significant focus within this executive order is developing post-quantum cryptographic readiness. Advanced quantum computers, also referred to as Cryptanalytically Relevant Quantum Computers (CRQCs), hold the potential to crack widely used public-key cryptography, threatening the very foundation of our current security models.
The transition to quantum-resistant cryptographic algorithms is now a mandated priority. Federal agencies are required to address vulnerabilities before quantum computing matures further, safeguarding sensitive data against potential future cryptographic attacks. These standards are not just a recommendation but a critical shift for protecting long-term security.
Advancing Cybersecurity Strategies
The White House’s executive order is a strong indicator of the direction cybersecurity is heading, underscoring the need for tougher, more adaptive strategies to counter evolving threats. Though often overlooked in broader cybersecurity conversations, machine identities are quickly emerging as the foundation of any comprehensive security framework. Their role in cybersecurity cannot be overstated.
For business and government leaders alike, the takeaway is clear—machine identities are no longer optional; they’re essential. Investing in robust machine identity solutions and practices will align organizations with regulatory expectations and provide the foundation for long-term security in an increasingly interconnected digital economy.
While the cybersecurity challenges outlined in the executive order are daunting, they also present an opportunity for innovation, collaboration and resilience. Whether you’re in government or the private sector, now is the time to evaluate your systems, strengthen your supply chain and prepare for the future of cryptography in a quantum-enabled age.
Rahul Dubey is vice president of CyberArk’s Public Sector Solutions Group.