President Donald Trump signed an executive order Friday revamping US cybersecurity policies by scrapping several initiatives from the Biden and Obama administrations. The order shifts focus toward foreign cyber threats while limiting sanctions against domestic actors, including those related to potential election hacking.

The White House called the changes necessary to eliminate “problematic and distracting issues” in cybersecurity policy.

“Cybersecurity is too important to be reduced to a mere political football,” the administration said in a fact sheet.

Trump’s executive order amends and supersedes significant portions of Executive Orders 13694 and 14028, two major cybersecurity policies enacted during previous administrations. The new order places a renewed emphasis on securing the nation’s networks against hostile foreign actors like China, Russia, North Korea, and Iran.

“The People’s Republic of China presents the most active and persistent cyber threat to United States Government, private sector, and critical infrastructure networks,” the order states.

Key changes in the executive order

The order amends a 2015 Obama-era policy (Executive Order 13694) that allowed for sanctions against individuals responsible for cyberattacks on U.S. infrastructure. The new version specifies that only “foreign persons” can be penalized, not domestic actors.

According to the White House fact sheet, the order “limits the application of cyber sanctions only to foreign malicious actors, preventing misuse against domestic political opponents and clarifying that sanctions do not apply to election-related activities.”

This shift could offer a measure of protection to American hackers who might otherwise be swept up in broad cybercrime enforcement policies, provided they aren’t working for foreign governments or causing harm abroad.

Trump’s order also aims to strip away what it calls “inappropriate measures outside of core cybersecurity focus.” This includes removing mandates for digital IDs that, according to the White House, “would have facilitated entitlement fraud and other abuse.”

The Biden administration had required federal software vendors to prove they followed secure development practices, a response to major breaches. Trump’s order scraps these mandates, calling them “unproven and burdensome software accounting processes that prioritized compliance checklists over genuine security investments.”

Instead, the National Institute of Standards and Technology (NIST) will work with industry leaders to develop guidelines for secure software development.

Quantum Computing and AI get major attention

A significant portion of the order focuses on future threats, particularly those posed by quantum computers capable of breaking modern cryptography. The order directs agencies, such as the NSA and CISA, to begin rolling out systems capable of post-quantum cryptography (PQC) by January 2030.

In the AI space, the order directs the release of cybersecurity research datasets to the academic community by November 1, 2025, while also tasking national security agencies to treat AI vulnerabilities in the same manner as traditional cyber exploits.

“Artificial intelligence (AI) has the potential to transform cyber defense by rapidly identifying vulnerabilities, increasing the scale of threat detection techniques, and automating cyber defense,” the order reads.

What this means going forward

President Trump’s executive order marks a major shift in cybersecurity strategy, rolling back several initiatives from his predecessors while focusing on traditional defense measures, technical upgrades, and foreign adversaries.

The Trump administration says it “will do what it takes to make America cyber secure—including focusing relentlessly on technical and organizational professionalism to improve the security and resilience of the nation’s information systems and networks.”