On June 6, 2025, former President Donald Trump signed a new executive order titled “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity,” which revamps the federal government’s approach to cybersecurity. This order amends and supersedes prior executive orders issued under previous administrations, particularly President Biden’s EO 14144 from January 2025 and President Obama’s EO 13694 established in 2015.
The updated framework prioritizes critical protections against foreign cyber threats as it refines key cybersecurity initiatives from both predecessors. The executive order places significant emphasis on advancing secure software development practices throughout federal agencies. It mandates action on border gateway security, aimed at preventing network hijacking.
Moreover, the order directs agencies to adopt cutting-edge encryption protocols and post-quantum cryptography standards to bolster cybersecurity defenses. Remarkably, AI’s role is transformed, shifting focus from content moderation to vulnerability identification and management, promoting rapid detection and response capabilities. As part of this initiative, it enhances CISA’s threat-hunting capabilities within federal agencies to improve overall cybersecurity effectiveness. Additionally, the executive order requires agencies to improve network visibility, reinforcing the need for a more robust response to cyber incidents.
In terms of federal cyber policy, the new order narrows the scope of previous directives, effectively reducing regulatory burdens. It limits the application of cyber sanctions exclusively to foreign malicious actors, thereby excluding domestic political adversaries. Measures considered extraneous to core cybersecurity obligations, such as federally mandated digital IDs for undocumented immigrants, have been eliminated, streamlining policy and enhancing operational efficiency.
The order likewise places significant priorities on supply chain and cloud security, necessitating updates to security practices for federal procurement while enforcing clear standards for hardware and digital products. This approach encourages solutions that align agency policies with practical requirements.
Furthermore, a simultaneous focus on state, local, and infrastructure resilience highlights the increasing recognition of vulnerabilities at various governance levels.
