Biden’s Cybersecurity Executive Order and What Comes Next Under Trump

By the time this analysis is published, or by the time you read it, President Donald Trump may have withdrawn or modified the Jan. 16 “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity” and other cybersecurity policies issued under the Biden Administration. Enacted in the final days of the Biden administration, Executive Order (EO) 14114 aims to strengthen the federal government’s cybersecurity policies by requiring–rather than simply encouraging–government vendors, cloud providers, and contractors to meet certain cybersecurity requirements.

The wide-reaching cybersecurity EO, which covers everything from the federal government’s cybersecurity practices to AI-powered cyber defenses, represents a culmination of the Biden administration’s efforts to address longstanding, fundamental vulnerabilities in digital infrastructure – vulnerabilities that high-profile security breaches of U.S. critical infrastructure, including by China-sponsored hacking groups Volt Typhoon and Salt Typhoon, highlight. The EO builds on the Biden administration’s previous policies linking cybersecurity and data security to national security, including its May 2021 Executive Order 14028, implementation of the March 2022 Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), March 2023 National Cybersecurity Strategy, and use of federal authorities to promote security in defense contracting, information and communications technology, and access to Americans’ sensitive personal data.