Digital Resilience Associations
РусскийРусский

US President Donald Trump signs executive order to refocus cybersecurity: focus on real threats, technical resilience

29 July 2025

President Donald J. Trump Signs Executive Order on Strengthening National Cybersecurity

President Donald J. Trump has signed an Executive Order aimed at enhancing national cybersecurity with a focus on protection against foreign threats and improving the security of information technologies.

Key Provisions of the Executive Order

  • Amends Executive Orders issued under Barack Obama and Joe Biden (Nos. 13694 and 14144).
  • Federal agencies are directed to:
    • Advance secure software development.
    • Strengthen border gateway security (routing protection).
    • Ensure the implementation of post-quantum cryptography to guard against threats from future computing systems.
    • Apply the latest encryption protocols.
    • Reorient AI efforts from censorship toward identifying and eliminating vulnerabilities.
    • Introduce machine-readable policies and official trust marks for IoT devices, enabling users to be confident in their baseline security.
    • Limit sanctions to foreign malicious actors, excluding their use against domestic political opponents and election campaigns.
    • Terminate the digital ID initiative for undocumented migrants, deemed a potential source of fraud.

Rationale

President Trump criticizes the Biden administration’s approach to digital IDs and software control as overly politicized and a distraction from real technical threats. He argues that such measures undermine the effectiveness of cybersecurity investments.

Major Changes

  • Removal of requirements for software security certification and compliance-focused reforms, shifting emphasis to real protection.
  • Termination of the federal digital ID platform, citing risks of fraud tied to benefits for undocumented immigrants.
  • Transition to a more flexible approach: agencies determine protection levels independently, accounting for budgets and autonomy.

Targeted Threats

The order explicitly names China as the most active source of cyber threats, alongside Russia, Iran, and North Korea.

Continuity and Deadlines

Post-quantum cryptography (PQC) adoption remains a priority:

  • By December 2025, CISA must publish a list of product categories supporting PQC.
  • TLS 1.3 (or its successor) must be implemented by 2030 under the guidance of NSA and OMB.

NIST is tasked with the following:

  • By August 1, 2025 — establish a consortium to develop recommendations for the Secure Software Development Framework (SSDF).
  • By September 2, 2025 — update SP 800-53 guidance on patch management.
  • By December 1, 2025 — issue a draft update of the SSDF (final version to follow within 120 days).

Closing Note

If you would like to learn more about global cybersecurity trends or discuss how such approaches could be adapted in Central Asia, please contact us.

The official text and key provisions of the Executive Order are available on the White House website:
👉 Fact Sheet: President Donald J. Trump Reprioritizes Cybersecurity Efforts to Protect America