<p>President Donald Trump on Friday signed an executive order aiming to streamline past administrations’ cybersecurity executive actions and strip mandates seen as overly prescriptive or ideological.</p>
<p>The <a href=“Sustaining Select Efforts to Strengthen the Nation's Cybersecurity and Amending Executive Order 13694 and Executive Order 14144 – The White House”>order</a> is the first of several mandates already signed by Trump in his second term that explicitly focuses on cybersecurity. It amends parts of a Biden-era order signed in January before Trump’s return to the Oval Office, as well as a cornerstone Obama-era directive signed a decade ago that authorized the use of sanctions on individuals and firms engaged in malicious cyber activities.</p>
<p>The Obama order <a href=“Executive Order -- "Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities" | whitehouse.gov”>laid the groundwork</a> for sanctioning policies that have been used by agencies including the State Department and Treasury Department to <a href=“https://ofac.treasury.gov/recent-actions/20240927”>financially punish</a> people involved in hacking activities that harm U.S. national security. </p>
<p>Trump’s Friday order “limits the application of cyber sanctions only to foreign malicious actors” and prevents “misuse against domestic political opponents and clarifying that sanctions do not apply to election-related activities,” according to an <a href=“Fact Sheet: President Donald J. Trump Reprioritizes Cybersecurity Efforts to Protect America – The White House”>order fact sheet</a>.</p>
<p>The provision reflects longstanding concerns from Trump and his allies that cyber and surveillance authorities were politicized to target his inner circle, particularly in the wake of <a href=“Mistakes, but no political bias in FBI probe of Trump campaign - watchdog | Reuters”>election-related enforcement</a> and disinformation crackdowns that some on the right viewed as tools to silence domestic political actors.</p>
<p>Trump’s cyber order strikes and amends various parts of Biden’s January cyber order, considered by many to be a <a href=“Biden signs executive order inspired by lessons from recent cyberattacks - Nextgov/FCW”>kitchen-sink directive</a> built on lessons learned throughout Biden’s time in the White House. <em>Nextgov/FCW</em> <a href=“Forthcoming executive order seeks to plug holes in federal cyber practices - Nextgov/FCW”>previously reported</a> that Trump White House staff would review parts of Biden’s order and scrap parts of it they didn’t like.</p>
<p>One major change removes a mandate for U.S. government agencies to ramp up use of digital ID technologies, with the fact sheet arguing they would be used by “illegal aliens” and would have “facilitated entitlement fraud and other abuse.” That digital ID provision was <a href=“Coming cyber executive order includes a push to mobile drivers licenses - Nextgov/FCW”>first reported</a> by <em>Nextgov/FCW</em>.</p>
<p>The order keeps a directive on protecting internet traffic routes, though it strips out Biden-era language about why this matters — namely, risks like <a href=“White House plan looks to secure a foundational piece of the global internet - Nextgov/FCW”>border gateway hijacking</a>. </p>
<p>On the flip side, the order directs the Commerce Department to work with private industry and improve how software is built and secured starting in August.</p>
<p>It also works to prepare the U.S. for post-quantum cryptography, anticipating quantum computers that would be able to crack modern-day encryption standards. It directs the NSA and the Office of Management and Budget to issue government agency standards for PQC by December so that tougher security protections are in place by 2030.</p>
<p>Trump’s directive also focuses on AI vulnerabilities. By November, federal defense, intelligence and homeland security agencies must begin treating AI software flaws like any other cybersecurity risk and must track, report and share indicators of compromise as part of their existing incident response systems. </p>
<p>“Proper AI development is a tool for predictive defense, threat detection at scale and securing the rapidly growing ecosystem of machine identities, but we must also ensure we secure the AI itself,” Kevin Bocek, CyberArk’s SVP of Innovation, said in a statement to <em>Nextgov/FCW</em>.</p>
<p>And within a year, the government must launch a pilot program to test a new “rules-as-code” approach to cybersecurity policy. NIST, CISA and OMB will begin rewriting some of their cybersecurity guidance in machine-readable formats, with the aim of allowing computers to interpret and apply the rules. </p>
<p>The order also mirrors a prior effort launched under Biden. By January 2027, any smart devices the government buys will need to carry a “Cyber Trust Mark” label showing they meet baseline security standards. That labeling scheme was <a href=“White House unveils Cyber Trust Mark program for consumer devices - Nextgov/FCW”>largely overseen</a> by the Federal Communications Commission.</p>
<p>“The continued focus on cybersecurity and resilience as a critical priority for the administration, and recognition of the imminent threat landscape is encouraging,” Amit Elazari, the CEO of OpenPolicy, a Washington, D.C.-based policy intelligence firm, said in a text message to <em>Nextgov/FCW</em>. “Specifically the directives on software supply chain, the use of AI for cybersecurity and the bolstering of AI security as well as bolstering IoT security posture and PQC remediation — all represent a critical policy focus on emerging, significantly expanded, attack vectors.”</p>
Article Link: Trump cyber executive order aims to amend ‘problematic’ parts of Biden, Obama cyber orders - Nextgov/FCW