Industry stakeholders praised the Trump administration’s changes to a Biden-era cyber executive order, which streamlines some of the requirements for federal agencies by making targeted cuts to different taskings.
"President Trump's recent executive order on cybersecurity will help deliver a more secure digital ecosystem,” said Henry Young, senior director of policy at the Business Software Alliance. Trump’s June 6 EO makes specific cuts to directives in former President Biden’s EO 14144 signed on Jan. 16.
Young said, “By focusing on high-impact activities, like identifying product categories that support post-quantum cryptography to drive adoption of best-in-class commercial security solutions and continuing NIST's work on secure software development to improve the security of critical software, the EO will improve economic and national security. We look forward to working with the Administration on these priority efforts.”
The Consumer Technology Association also weighed in on the Trump EO, highlighting a provision that was maintained from Biden’s Jan. 16 EO to set up requirements for the government to procure consumer Internet of Things products with the U.S. Cyber Trust Mark.
David Grossman, CTA vice president for policy and regulatory affairs, said, “The Consumer Technology Association applauds President Trump for affirming this administration’s continued commitment to the U.S. Cyber Trust Mark.”
“The President’s executive order to enhance the nation’s cybersecurity requires vendors of the Federal Government to use the Cyber Trust Mark labeling for consumer IoT products starting in January 2027. This is an important step in making many years of work by CTA, industry, and government to raise the bar on cybersecurity of connected devices a reality,” Grossman said.
Notably, one of the most radical changes in the Trump EO is cutting an entire section of Biden’s Jan. 16 EO on “Solutions to Combat Crime and Cyber Fraud,” which is focused on identity issues.
In a fact sheet, the Trump administration said the provision was part an effort to “sneak problematic and distracting issues into cybersecurity policy” under Biden. The fact sheet said the Biden EO was “[i]ntroducing digital identity mandates that risked widespread abuse by enabling illegal immigrants to improperly access public benefits.”
The cut was strongly criticized by Jeremy Grant, coordinator of the Better Identity Coalition.
Grant said, “The core of the identity section focused on having NIST create guidance that agencies at all levels of government could use to make digital identity tools more secure, as well as encouraging Federal agencies to start accepting these secure credentials as a way to help prevent fraud in public benefits programs. Nothing in January’s EO included a mandate for the US government to issue digital IDs to anybody – immigrants, or otherwise.”
The Better Identity Coalition sent a letter in January to the U.S. “Department of Government Efficiency” Service arguing that identity and fraud should be seen as “an infrastructure and national security issue,” rather than “thinking about identity and fraud.”
Grant said, “As we noted in our January 28th letter to the new administration, it is the same organized criminals and hostile nation states exploiting the same core weaknesses in digital identity infrastructure to steal billions not just from government— but also banks, healthcare, retailers, fintech services, and cryptocurrency exchanges. We look forward to working with the Trump administration to help blunt these attacks and protect Americans—from identity theft and fraud.”
More broadly, Cybersecurity Coalition executive director Ari Schwartz said the EO in general “actually demonstrates a continued support for the same bipartisan process for cybersecurity which I think is positive. It is basically picking up, it is not adding anything majorly new and they are not removing a lot of the basic defense pieces.”
The Trump EO shows a “continued nonpartisan approach” to look at issues outlined in Biden’s EO “in a nonpartisan way,” Schwartz said. “It’s not an assumption that everything that came from the last administration is bad. We’re keeping most of the pieces here and only selectively taking out some of the pieces we don’t think are good.”
Think tank perspective
The R Street Institute’s Haimon Wong reflected on key aspects of the Trump EO, including elements on software security.
Wong said, “Trump’s new cyber EO is a welcome move that signals an effort by the administration to treat cybersecurity as a core strategic and national security priority. In particular, it’s grounded in the recognition that cybersecurity compliance and spending don’t automatically translate to improved resilience -- a sentiment that really resonates with me, especially as someone who has worked on the frontlines of cyber incident response in a critical infrastructure sector.”
“The EO also acknowledges the impact emerging technologies will continue to have on the evolving threat landscape and directs the federal government to prepare and adapt accordingly,” Wong said.
Wong is a resident fellow on the cybersecurity and emerging threats team at R Street.
On software security, Wong said, “As with any EO or regulatory action, whether improvements are made will depend heavily on the success of the implementation that follows. That said, the EO’s direction to work with NIST to establish an industry consortium at the National Cybersecurity Center of Excellence is a prudent move -- it leverages existing hubs of expertise and stakeholders already active in this space.”
Wong said, “I also appreciated the EO’s clear call for the NCD, in coordination with agencies like the DNI, OSTP, OMB, Secretary of Defense, and Secretary of Homeland Security, to incorporate AI software vulnerabilities and compromises into ongoing vulnerability management, incident response, and threat intelligence processes. Given where we are with AI advancement, this is a timely and important step toward strengthening both coordination and national security.” -- Sara Friedman (sfriedman@iwpnews.com)