How Trump’s New Order has Affected Cybersecurity in the U.S.!

President Donald Trump has signed a new Executive Order on cybersecurity that severely alters and eliminates several initiatives introduced by the previous Biden administration. The White House criticised the Biden government for introducing “problematic and distracting issues” into cybersecurity policy just before leaving the office. Trump’s executive order focuses on enhancing the technical and organisational professionalism of federal cybersecurity efforts.

Key Changes in the Executive Order

1. Elimination of Software Security Requirements

Biden-era mandates required federal contractors to submit secure software development attestations and technical data to verify compliance. The order removes this, along with provisions for the Cybersecurity and Infrastructure Security Agency(CISA) to verify these attestations and for the Office of the National Cyber Director to publish these results. The Trump administration criticised these efforts to be “unproven and burdensome” and prioritised compliance checklists over genuine security investments.

2. Reduction in AI and Cybersecurity Initiatives

The order scrapped the initiative aimed at testing artificial intelligence (AI) for cyber defense in critical infrastructure sectors like energy. Provisions that directed federal research programmes to prioritise AI security and the development of secure AI systems have been eliminated as well. Ultimately, the order removed all requirements for the Department of Defense to use advanced AI models for cyber defense.

3. Rollback of Post-Quantum Cryptography Efforts

The acceleration of adopting encryption methods that were resistant to quantum computing threats has been scaled back by the executive order. Mandates set for federal agencies to commence using quantum-resistant encryption and for vendors to implement it were eliminated as a result. However, a requirement for CISA to maintain a list of product categories where post-quantum cryptography-supporting products are widely available was retained.

4. Preservation of Some Initiatives

Despite the set of rollbacks issued with the new order, it preserved a Federal Communications Commission (FCC) project that applies a government seal of approval to technology products tested by federally accredited labs. This comes as a major relief for many individuals belonging to the sector. Additionally, provisions for the Departments of State and Commerce to encourage key foreign allies and overseas industries to adopt the National Institute of Standards and Technology (NIST) post-quantum cryptography algorithms were maintained.

Major Implications

This executive order from the Trump administration marks a significant shift in the U.S. cybersecurity policy, moving away from comprehensive regulatory approaches to technical and organisational improvements. While some experts argue that the changes may streamline efforts and reduce bureaucratic hurdles, others express concern that the rollbacks could weaken the nation’s cybersecurity posture, especially in the face of evolving threats from adversaries like China and Russia.

Additional Changes in the Executive Order

• Limitations on Treasury Department Sanctions

The order prevents the U.S. Treasury Department from imposing sanctions on individuals within the United States with involvement in cyberattacks targeting U.S. infrastructure. The accompanying White House statement said that this change is intended to prevent the “misuse [of sanctions] against domestic political opponents.”

• Rollback of BGP Security Efforts

The order removes prior language declaring the Border Gateway Protocol (BGP), which is the foundational system for routing Internet traffic, as “vulnerable to attack.” It also eliminates the requirement for the Department of Commerce and NIST to issue guidance on implementing BGP security protocols such as Resource Public Key Infrastructure (RPKI) and Route Origin Authorizations (ROAs).

These security mechanisms were initially introduced to prevent BGP hijacking incidents, which have previously redirected internet traffic away from secure destinations like banks and other critical infrastructure.

• Rejection of Digital ID Implementation Plans

The plans under the previous administration to promote digital identity documents have now been officially dropped. The new White House said that implementing digital IDs “risked widespread abuse by enabling illegal immigrants to improperly access public benefits.”