On June 6, the Trump administration unveiled a new cybersecurity executive order that seeks to diverge from the previous administrations of Barack Obama and Joe Biden, while addressing emerging threats in the digital landscape. Cybersecurity experts have indicated that this order, despite its political overtones, represents a necessary shift in strategy amidst the growing challenges posed by artificial intelligence and evolving technologies.
The new executive order, which has been characterized by critics as politically motivated due to its direct critiques of Biden and Obama-era policies, contains significant changes to the mandate of the Cybersecurity and Infrastructure Security Agency (CISA). Historically accused of overreach, CISA faces further resource and personnel cuts as the administration focuses on stricter controls regarding domestic adversaries. According to the order, the government will be prohibited from implementing cyber sanctions against domestic organizations, a decision prompted by concerns over potential abuses aimed at political adversaries. Source
Among the most notable changes introduced by the new executive order is the termination of a Biden-era initiative to establish a government-issued digital ID program. The Trump administration argues that this program could be exploited for fraudulent purposes, with the executive order stating, “Just days before President Trump took office, the Biden Administration attempted to sneak problematic and distracting issues into cybersecurity policy.” The order also targets outdated software practices and emphasizes the need for improved security investment strategies over compliance checklists, reflecting a shift towards practical cybersecurity solutions.Source
This executive order places a significant focus on enhancing the security of the software supply chain and boosting cybersecurity measures for Internet of Things (IoT) devices. To aid in this endeavor, it introduces a Cyber Trust Mark to certify secure devices and acknowledges the urgency for post-quantum cryptography standards.
Experts like cybersecurity and AI policy analyst Michelle Sahar view the executive order as a promising forward step, particularly pointing to revisions in the Secure Software Development Framework (SSDF) as a means of fostering secure software creation. She also notes the significance of the proposed Rules-as-Code pilot aimed at streamlining government regulations in technology, potentially aligning them closer to the rapid pace of technological advancements.
However, challenges exist in implementation, chiefly the reluctance of private software companies to share proprietary information necessary for new regulatory guidelines. As the new executive order signals an immediate shift towards action on post-quantum cryptography, experts assert that the successful realization of these ambitious measures will hinge on adequate funding and skilled personnel – which currently remains a pressing concern.