President Donald Trump has signed an executive order that effectively rolls back several key cybersecurity initiatives put in place by the previous Biden administration. The move signals a major shift in the government’s approach to digital security.
According to a White House fact sheet, the Trump administration believes the Biden initiatives contained “problematic and distracting issues.” The new order specifically targets programs focused on software security standards, artificial intelligence (AI) for cyber defense, and the implementation of post-quantum encryption.
Key Changes in Cyber Regulation
One of the most significant aspects of the executive order is the elimination of Biden’s software security requirements for federal contractors. The previous administration had sought to leverage the government’s purchasing power to improve software industry security practices, particularly following major cyberattacks linked to vulnerable software. The Trump administration, however, views these efforts as “unproven and burdensome,” arguing they prioritize compliance over genuine security improvements.
Specifically, the order scraps requirements for federal contractors to submit “secure software development attestations” and eliminates the Cybersecurity and Infrastructure Security Agency’s (CISA) role in verifying these attestations. Also removed are provisions that would have allowed the Justice Department to take action against companies with failing attestations.
AI and Quantum Computing Initiatives Halted
The Trump administration has also cut Biden-era initiatives related to AI and quantum computing. This includes a program to test AI’s capabilities in defending critical infrastructure in the energy sector, as well as research into securing AI-powered coding. Requirements for the Pentagon to use advanced AI models for cyber defense have also been eliminated.
On the quantum computing front, the order significantly scales back efforts to accelerate the adoption of post-quantum cryptography. While Biden had urged agencies to adopt quantum-resistant encryption “as soon as practicable,” Trump’s order removes these requirements, leaving only a mandate for CISA to maintain a list of product categories with widely available post-quantum cryptography support.
Other Provisions Dropped
Numerous other provisions from Biden’s January directive have been dropped, including those related to phishing-resistant authentication technologies, internet routing security, strong email encryption, and addressing risks related to IT vendor concentration.
Initiatives focused on using digital identity documents to prevent fraud in public benefits programs have also been eliminated, deemed “inappropriate” by the Trump administration.
The order also modifies sanctions authorities related to cyberattacks on the U.S., restricting the Treasury Department to sanctioning only foreigners, a move the White House says will prevent the “misuse against domestic political opponents.”
One Program Survives
Amidst the sweeping changes, one major Biden-era cyber program remains intact: a Federal Communications Commission (FCC) project that applies government seals of approval to technology products undergoing security testing by federally accredited labs. Companies selling internet-of-things devices to the federal government will still be required to participate in the FCC program by January 2027.
This executive order represents a significant shift in U.S. cybersecurity policy, prioritizing a different approach to securing the nation’s digital infrastructure. The long-term implications of these changes remain to be seen.