By David DiMolfetta
President Donald Trump on Friday signed an executive order aiming to streamline past administrations’ cybersecurity executive actions and strip mandates seen as overly prescriptive or ideological.
The order is the first of several mandates already signed by Trump in his second term that explicitly focuses on cybersecurity. It amends parts of a Biden-era order signed in January before Trump’s return to the Oval Office, as well as a cornerstone Obama-era directive signed a decade ago that authorized the use of sanctions on individuals and firms engaged in malicious cyber activities.
The Obama order laid the groundwork for sanctioning policies that have been used by agencies including the State Department and Treasury Department to financially punish people involved in hacking activities that harm U.S. national security.
Trump’s Friday order “limits the application of cyber sanctions only to foreign malicious actors” and prevents “misuse against domestic political opponents and clarifying that sanctions do not apply to election-related activities,” according to an order fact sheet.
The provision reflects longstanding concerns from Trump and his allies that cyber and surveillance authorities were politicized to target his inner circle, particularly in the wake of election-related enforcement and disinformation crackdowns that some on the right viewed as tools to silence domestic political actors.
Trump’s cyber order strikes and amends various parts of Biden’s January cyber order, considered by many to be a kitchen-sink directive built on lessons learned throughout Biden’s time in the White House. Nextgov/FCW previously reported that Trump White House staff would review parts of Biden’s order and scrap parts of it they didn’t like.
One major change removes a mandate for U.S. government agencies to ramp up use of digital ID technologies, with the fact sheet arguing they would be used by “illegal aliens” and would have “facilitated entitlement fraud and other abuse.” That digital ID provision was first reported by Nextgov/FCW.
The order keeps a directive on protecting internet traffic routes, though it strips out Biden-era language about why this matters — namely, risks like border gateway hijacking.
On the flip side, the order directs the Commerce Department to work with private industry and improve how software is built and secured starting in August.
It also works to prepare the U.S. for post-quantum cryptography, where quantum computers would be able to crack modern-day encryption standards. It directs the NSA and the Office of Management and Budget to issue government agency standards for PQC by December so that tougher security protections are in place by 2030.
Trump’s directive also focuses on AI vulnerabilities. By November, federal defense, intelligence and homeland security agencies must begin treating AI software flaws like any other cybersecurity risk and must track, report and share indicators of compromise as part of their existing incident response systems.
“Proper AI development is a tool for predictive defense, threat detection at scale and securing the rapidly growing ecosystem of machine identities, but we must also ensure we secure the AI itself,” Kevin Bocek, CyberArk’s SVP of Innovation, said in a statement to Nextgov/FCW.
And within a year, the government must launch a pilot program to test a new “rules-as-code” approach to cybersecurity policy. NIST, CISA and OMB will begin rewriting some of their cybersecurity guidance in machine-readable formats, with the aim of allowing computers to interpret and apply the rules.
The order also mirrors a prior effort launched under Biden. By January 2027, any smart devices the government buys will need to carry a “Cyber Trust Mark” label showing they meet baseline security standards. That labeling scheme was largely overseen by the Federal Communications Commission.
“The continued focus on cybersecurity and resilience as a critical priority for the administration, and recognition of the imminent threat landscape is encouraging,” Amit Elazari, the CEO of OpenPolicy, a Washington, D.C.-based policy intelligence firm, said in a text message to Nextgov/FCW. “Specifically the directives on software supply chain, the use of AI for cybersecurity and the bolstering of AI security as well as bolstering IoT security posture and PQC remediation — all represent a critical policy focus on emerging, significantly expanded, attack vectors.”