President Donald Trump signed an executive order on Friday that eliminates or revises several of former President Joe Biden’s major cybersecurity initiatives. The White House accused the Biden administration of trying to “sneak problematic and distracting issues into cybersecurity policy.”
Trump’s elimination of Biden’s software security requirements for federal contractors represents a significant shift in cyber regulation. The Biden administration had sought to use federal procurement power to improve software industry practices following years of major cyberattacks linked to insecure software.
The new EO eliminates the requirement for federal contractors to submit secure software development attestations and technical data. It also removes the Cybersecurity and Infrastructure Security Agency’s (CISA) role in verifying vendor attestations and the Office of the National Cyber Director’s (ONCD) obligation to publish the results of those reviews.
Trump’s executive order also cuts Biden’s initiatives related to AI in cybersecurity. This includes scrapping efforts to enhance cyber defense of critical infrastructure in the energy sector and federal research programs focused on AI security. It eliminates a provision requiring the Pentagon to use advanced AI models for cyber defense.
Trump’s directive scales back Biden’s attempts to accelerate the adoption of post-quantum cryptography. While Biden pushed for the immediate adoption of quantum-resistant encryption by agencies, Trump’s order leaves only a requirement for CISA to maintain a list of widely available post-quantum cryptography products.
The executive order signed by President Trump represents a significant overhaul of Biden’s cybersecurity policies, focusing instead on redefined priorities and resource allocations in the realm of national cybersecurity. A Friday executive order echoes unproven claims that cyber and surveillance authorities were politicized to target Trump and his allies.
Trump alters federal cybersecurity policies
Obama- and Biden-era cybersecurity rules will no longer be used to punish Americans and U.S. firms that engage in malicious cyber activities, nor will they be used to deter election meddling, among other changes ordered by President Trump on Friday. The latest of his second-term cybersecurity mandates rolls back measures that the State and Treasury departments have used to sanction individuals who supported attacks that harmed U.S. national security.
This provision reflects longstanding claims by Trump and his allies that cyber and surveillance authorities were politicized to target his inner circle, particularly in the wake of disinformation crackdowns that some on the right called tools to silence domestic political actors. One significant change removes a mandate for U.S. government agencies to ramp up the use of digital ID technologies, arguing they could be used by “illegal aliens” and would facilitate entitlement fraud and other abuse. However, the order retains a directive on protecting internet traffic routes, although it removes language from the Biden era about the associated risks.
Additionally, the order directs the Commerce Department to collaborate with private industry to enhance the development and security of software, starting in August. Furthermore, Trump’s directive highlights AI vulnerabilities. By November, federal defense, intelligence, and homeland security agencies must treat AI software flaws as they would any other cybersecurity risk, tracking, reporting, and sharing indicators of compromise as part of their existing incident response systems.
Within a year, the government must launch a pilot program to test a new “rules-as-code” approach to cybersecurity policy. NIST, CISA, and OMB will begin rewriting some of their cybersecurity guidance in machine-readable formats, aiming to allow computers to interpret and apply the rules automatically.
The order also mirrors prior efforts launched under Biden. By January 2027, any smart devices purchased by the government must carry a “Cyber Trust Mark” label to show they meet baseline security standards.
Kirstie is a technology news reporter at DevX. She reports on emerging technologies and startups waiting to skyrocket.
























