On June 6, 2025, President Trump signed Executive Order “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity,” a thorough directive that revises and streamlines previous cybersecurity frameworks as it sharpens focus on foreign adversaries. The order amends and revises Obama’s EO 13694 and Biden’s EO 14144, particularly targeting regulatory overhang during emphasizing protection against foreign cyber threats through technical and policy measures.
The executive order explicitly focuses on malicious cyber activity from foreign adversaries including China, Russia, Iran, and North Korea. Foreign cyber campaigns are cited as persistent and severe threats that undermine critical services and cost billions in damages. The directive refocuses sanctions authority particularly on foreign actors, clarifying domestic application limits and excluding election-related or domestic activities from sanction use. With cybercrime costs expected to reach 10.5 trillion dollars by 2025, the order emphasizes aggressive countermeasures against state-sponsored attacks.
Significant changes from previous orders include removing or amending problematic provisions from Obama and Biden administrations, such as digital ID mandates for undocumented immigrants. The order streamlines updates relating to software supply chain security, cryptography, federal communication, and artificial intelligence as it shifts focus away from censorship toward managing vulnerabilities, especially in AI systems.
The directive eliminates prior administrative overreach while refocusing cybersecurity efforts on technical vulnerability management over restrictive oversight measures.
The directive mandates federal agencies prioritize secure software development across all platforms and improve security for third-party software supply chains used by government systems. Agencies must take action on border gateway protocol security to prevent network hijacking and adopt machine-readable cybersecurity policy standards. The order launches an “IoT Cyber Trust Mark” for trusted and secure connected devices. Federal agencies must also ensure adequate access to cyber defense datasets for the academic community to support research initiatives.
Cryptographic security receives substantial attention, with directives for government adoption of latest encryption protocols for federal communications. The order requires agency-level action on post-quantum cryptography to future-proof against emerging computing threats, recognizing quantum computing as a major cybersecurity risk requiring proactive measures. Agencies must enforce encrypted connections between email clients and servers by May 16, 2025.
Artificial intelligence security policy refocuses on vulnerability identification and management rather than censorship. The order mandates adoption of technical standards for AI use in federal cybersecurity applications and implements machine-readable policy frameworks for AI-enabled systems. The directive expands formal trust designations for IoT devices, ensuring basic security engineering standards across connected infrastructure.
