Then-President Trump signed an executive order the day before he left office to target foreign cyber threats and place new reporting obligations on cloud service providers.
“Foreign malicious cyber actors aim to harm the United States economy through the theft of intellectual property and sensitive data and to threaten national security by targeting United States critical infrastructure for malicious cyber-enabled activities,” the executive order reads.
The order calls for “record-keeping obligations” on cloud service providers’ foreign transactions, in the hope that it will deter foreign actors from malicious attacks on United States-based Infrastructure as a Service (IaaS) products.
In addition to keeping records of foreign transactions, cloud service providers will also have to verify the identity of users obtaining an IaaS account.
“In appropriate circumstances, to further protect against malicious cyber-enabled activities, the United States must also limit certain foreign actors’ access to United States IaaS products,” the order says. “Further, the United States must encourage more robust cooperation among United States IaaS providers, including by increasing voluntary information sharing, to bolster efforts to thwart the actions of foreign malicious cyber actors.”
The Trump EO designates the Secretary of Commerce to propose related regulations within six months of the order. However, President Joe Biden has not indicated whether he will enforce Trump’s last-minute executive order.