Shifting dangers loom for individuals and small businesses as outlined by the White House's recent decree
In a bid to safeguard American citizens against escalating nation-state cyber threats, the White House has issued an executive order. This order, Executive Order 14117, authorises the attorney general to prevent the large-scale transfer of sensitive personal data to countries of concern, such as China and Russia.
The order sets strict high security standards to protect sensitive data, including genomic, biometric, health, geolocation, financial data, and personal identifiers. The Department of Justice (DOJ) will issue robust data protection regulations to block commercial access or exploitation by foreign adversaries.
The DOJ and the Department of Homeland Security will collaborate to establish strict security standards and compliance obligations for entities handling such data. This includes vendors and employees connected to these foreign adversaries. The Data Security Program (DSP) will enforce these standards, prohibiting data brokerage or transactions with countries of concern or covered persons unless contractual safeguards prevent further unauthorised data transfers.
Transactions involving sensitive data must comply with cybersecurity standards set by the Cybersecurity and Infrastructure Security Agency (CISA), coupled with due diligence and audit requirements effective from October 2025. The protections apply regardless of whether the data is anonymised, pseudonymised, encrypted, or de-identified, indicating a broad scope of data coverage.
The executive order also tasks the Assessment of Foreign Participation Committee to review submarine cable licenses with consideration to threats to sensitive data, implying controls beyond just data handling to infrastructure aspects. Enforcement comes with significant civil and criminal penalties, including fines and imprisonment for willful violations.
The regulations aim to prevent foreign adversaries from collecting sensitive data through the acquisition of businesses or manipulation of business relationships. The order underscores the threat to sensitive data beyond the standard breach tactics and highlights the need for high security standards to prevent access by countries of concern to Americans' data through other commercial means.
The executive order reflects the shifting value and appeal of big data to nation-states as a sought-after target. Big data can be used for various purposes, such as blackmail, AI training and analysis, monitoring dissidents, medical research, among others. The mere quantity of data has now taken on a quality all its own.
Former Department of Defense counterterrorism intelligence officer, Michael Kosak, views this executive order as a welcome one. The order is expected to provide more details as it is implemented. This move is a reminder that everyone should consider themselves potential targets on a much wider scale than just cybercrime. The cyber-espionage attack surface for a country's security and strategic interests now extends to every individual citizen's personal data.
- The White House's Executive Order 14117 aims to prevent foreign adversaries, like China and Russia, from accessing sensitive American data, such as genomic, biometric, health, geolocation, financial data, and personal identifiers.
- The Department of Justice (DOJ) will establish strong data protection regulations to prevent commercial access or exploitation of sensitive data by foreign adversaries.
- The Data Security Program (DSP) will enforce strict security standards and compliance obligations on entities handling sensitive data, including vendors and employees connected to foreign adversaries.
- The executive order also focuses on controlling data transactions and submarine cable licenses, emphasizing the need for high security standards to protect sensitive data from collection by foreign adversaries through commercial means.
