EOP Orders on the Nation’s Cybersecurity

The White House

Executive Office of the President

Presidential Actions

Bipartisan Leadership on Cybersecurity in America

Cybersecurity remains a cornerstone of U.S. national security, with both Democratic and Republican leadership demonstrating a firm commitment to safeguarding the nation's digital infrastructure. Over successive administrations, Presidents from both parties have prioritized cybersecurity as a means to protect critical infrastructure, defend against malicious cyber actors, and ensure the safety and privacy of all Americans.

President Donald J. Trump's Cybersecurity Legacy
Under President Trump, significant strides were made in strengthening America's cybersecurity defenses:

• Executive Order 13800 - Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (2017): This foundational order required federal agencies to modernize their IT systems, implement robust risk management practices, and improve the overall cybersecurity posture of critical infrastructure sectors.
• National Cyber Strategy (2018): This strategy outlined a proactive approach to cyberspace, focusing on deterring adversaries, protecting citizens, and fostering innovation in cybersecurity technologies.
• Creation of CISA (2018): The establishment of the Cybersecurity and Infrastructure Security Agency marked a pivotal step in federal efforts to coordinate national cybersecurity defenses and protect critical infrastructure from emerging threats.

President Joseph R. Biden Jr.'s Cybersecurity LeadershipPresident Biden has continued to build on these efforts, introducing transformative initiatives to further secure the nation's digital infrastructure:

• Executive Order 14028 - Improving the Nation's Cybersecurity (2021): This order emphasizes collaboration between government and private sectors to secure software supply chains, modernize cybersecurity standards, and improve threat intelligence sharing.
• Cyber Safety Review Board (2022): Inspired by transportation safety frameworks, this board reviews major cyber incidents to provide actionable insights for enhancing national defenses.
• National Security Memorandum on Cybersecurity (2024): Reinforcing critical infrastructure protection, this memorandum prioritizes public-private partnerships to address vulnerabilities in essential services such as energy, water, and healthcare.

A Unified Commitment
Both administrations underscore the bipartisan recognition that cybersecurity is not only a national security imperative but also a foundational component of economic stability and public trust. Whether through President Trump’s focus on deterrence and infrastructure resilience or President Biden’s emphasis on modernization and collaboration, the executive branch continues to drive innovative policies and strategies to secure America’s digital future.This ongoing dedication ensures that the U.S. remains at the forefront of global cybersecurity, defending its citizens and institutions against evolving threats.

Why USA-Cybersecurity
In today’s increasingly digital landscape, businesses of all sizes face unprecedented threats from cybercriminals. From ransomware and phishing scams to sophisticated data breaches, these attacks can cause devastating financial losses, reputational harm, and operational disruptions. The executive leadership in the U.S., under both Democratic and Republican administrations, has consistently emphasized the importance of robust cybersecurity measures, as highlighted by Executive Orders 13800 and 14028. These directives not only set the tone for federal and critical infrastructure protection but also serve as a wake-up call for businesses to prioritize cybersecurity as a fundamental component of their risk management strategies. Incorporating cybersecurity services into a business's security portfolio ensures resilience against threats, compliance with evolving regulations, and protection of valuable customer and operational data.

Furthermore, the federal government’s strong stance on cybersecurity underscores the shared responsibility between public and private sectors in defending against cyber threats. President Biden’s emphasis on supply chain security and collaborative threat intelligence, alongside President Trump’s proactive approach to deterring adversaries, demonstrate that effective cybersecurity measures are a critical national priority. For business owners, this means that investing in advanced cybersecurity tools and services is not just a safeguard but also a competitive advantage. Customers and partners increasingly demand assurances that their data is secure, and businesses that can demonstrate strong cybersecurity protocols are better positioned to earn trust, attract opportunities, and mitigate liabilities. By integrating cybersecurity services into their security portfolios, business owners can protect their operations, ensure compliance, and contribute to the broader effort of strengthening national and economic security.

Changes to National Cyber Policy in the Trump AdministrationJune 18, 2025 (IN12570)On June 6, 2025, the Trump Administration released Executive Order 14306 (E.O. 14306) titled "Sustaining Select Efforts to Strengthen the Nation's Cybersecurity and Amending Executive Order 13694 and Executive Order 14144." 

This E.O. marks a shift from previous administrations on cyber policy—and in particular, within the narrower area of cybersecurity policy. Where other administrations had previously sought greater consolidation of cybersecurity responsibilities at the federal level, E.O. 14306 seeks to redistribute these responsibilities among industry participants or remove the responsibilities altogether. This CRS Insight explores these changes in a historical context.Background on Previous Federal Cyber Policy;

Two decades ago, the federal government's cyber policy, in general, was largely centered around encouraging voluntary actions by the private sector and establishing public-private partnerships. While those are still tenets of the federal government's cybersecurity strategy, additional policies have supplemented or replaced previous ones to direct more specific actions from federal agencies and drive larger changes in the private sector. The Biden Administration's presidential actions were the most extensive set of policies, and sought to shift cybersecurity responsibilities away from each individual company toward those companies and entities that provide information technology (IT) goods and services (e.g., cloud service providers and software companies). It also established greater federal leadership on cybersecurity issues.Executive Order 14144Executive Order 14144 (E.O. 14144) titled Strengthening and Promoting Innovation in the Nation's Cybersecurity was released by the Biden Administration on January 16, 2025. It sought to build upon the cybersecurity work of Executive Order 14028, but since it was released in the waning days of the administration, many of its efforts did not start and/or were not taken up by the Trump Administration.Polices set forth in E.O. 14144 include

• mandates for the private sector to attest to secure software development practices when selling IT to the federal government;
• requirements for federal agencies to improve their own cybersecurity through greater threat-hunt operations and information sharing;
• directions for federal agencies to release guidance on mobile driver's licenses to spur their adoption;
• directions for federal agencies to begin deploying tools and accepting digital verification of identities;
• requirements for agencies to adopt post-quantum encryption;
• improvements to agency adoption of artificial intelligence (AI), particularly for safe applications and automating cybersecurity functions; and
• reductions in the thresholds the United States would use in issuing sanctions against individuals or entities that commit cyberattacks against U.S. interests.

Executive Order 13694Executive Order 13694 (E.O. 13694) titled Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities was released by the Obama Administration on April 1, 2015. It established the federal policies around using authorities granted by the International Emergency Economic Powers Act (IEEPA), the National Emergencies Act (NEA), and the Immigration and Nationality Act of 1952 (INA) to issue sanctions against malicious actors who use cyberspace to carry out their attacks. E.O. 13694 limited sanctions to "significant" events. E.O. 14144 removed that threshold.Policies in E.O. 14306The Trump Administration did not revoke previous cybersecurity executive orders, nor did it direct a review of prior ones, as was done with critical infrastructure security and resilience policy. Instead, E.O. 14306 kept the text from E.O. 14144 and E.O. 13694 in place and performed line edits to remove text or policies with which the administration disagrees. In doing so, the Administration established policies to reduce the involvement of federal agencies in shaping the nation's cybersecurity posture while also giving the private sector greater influence.Policy changes include

• making explicit that sanctions can only be used against "foreign persons." This appears to be the existing policy as CRS was unable to find an example where sanctions were lodged against domestic persons for cyber-related violations, although a domestic person could be an individual or entity physically within the United States, regardless of citizenship or residency status;
• removing the requirement for government contractors to make attestations regarding their secure software development practices. Instead, contractors are encouraged to voluntarily adopt guidance from the National Institute of Standards and Technology (NIST) on cybersecurity practices;
• removing agency requirements to conduct digital identity work—including both work on mobile drivers' licenses and acceptance of digital identity verification;
• limiting agency AI work to improvements of cybersecurity automation; and
• reducing the requirements for adopting post-quantum cryptography.

Some policies persist across these executive orders:

• agencies are to adopt the Cyber Trust Mark program to ensure internet-of-things devices carry attestations of security;
• agencies are to manage cyber supply-chain risks pursuant to NIST guidance;
• agencies are to advance their cybersecurity practices, including through the use of threat-hunt operations and advanced cybersecurity tools; and
• agencies are to continue progress toward securing internet traffic and email communications.

Implications of Policy ChangesThe President's nominees for the National Cyber Director and Director of the Cybersecurity and Infrastructure Security Agency are pending confirmation in the Senate. If confirmed, their potential work toward a new national cybersecurity strategy could provide greater detail on how agencies may implement administration priorities. Currently, the President's Budget for FY2026 and agency budgets offer some indications of how the Trump Administration is generally seeking to allocate cybersecurity resources—largely through reduced cybersecurity allocations at agencies.Policymakers may choose to scrutinize both the executive order and the President's Budget as they pertain to congressional prerogatives, which could include

• implications for reduced investment in cybersecurity activities by agencies;
• the degree to which the private sector is positioned to act without federal direction and resources;
• the ability for agencies to manage nation-state cybersecurity threats;
• implications for reductions in agency programs and workforces both for near term and long-term objectives;
• the role of the federal government in spurring the adoption of new technologies; and
• how the nation shall employ AI technologies for cybersecurity.

Protect your network. Contact us Now.