Administration under President Biden issues comprehensive cybersecurity executive order
In a significant move to bolster cybersecurity defences, President Donald Trump has issued Executive Order 14306, aiming to combat cyber attacks on U.S. government agencies, critical infrastructure providers, and high-profile individuals. The order, effective from June 6, 2025, revises and modifies previous cybersecurity orders from the Obama and Biden administrations, while introducing new strategic focuses [1][3][4].
The new order comes in response to a series of state-linked campaigns, including the hack of nine telecom companies by Salt Typhoon and an attack against the Treasury Department connected to the compromise of BeyondTrust customers. All recent attacks have been linked to hackers backed by the People's Republic of China [5].
Key Details and Measures of EO 14306
The order aims to balance maintaining robust cybersecurity standards with streamlined and more flexible implementation. It revises and rolls back some cybersecurity requirements introduced by Biden’s EO 14144, such as detailed federal contractor cybersecurity attestations and new minimum cybersecurity practices development by NIST (National Institute of Standards and Technology) [3][4]. However, it maintains requirements such as agencies complying with NIST SP 800-161 (Cybersecurity Supply Chain Risk Management), while reducing prescriptive mandates to allow more agency discretion in cybersecurity implementations [3].
The Trump EO shifts federal cybersecurity approaches to be narrower, simpler, and more decentralized compared to previous broad mandates. It emphasizes prioritizing artificial intelligence (AI) applications for automating cyber defense, rapid vulnerability detection, and adaptive defense mechanisms [1][2].
To strengthen cyber sanction capabilities against foreign adversaries, the EO institutes a cybersecurity-specific sanctions tag (CYBER4) for targeted sanctions against foreign adversaries like Russia, China, Iran, and North Korea who participate in malicious cyber activities and cybercrime supporting infrastructure [2]. This sanctions approach disrupts entire cybercrime supply chains and highlights enforcement against foreign providers of services linked to ransomware, malware, and illegal darknet operations that threaten U.S. national security [2].
The order also revises software supply chain security requirements and mandates increased research and testing in emerging technology areas such as quantum computing and AI-enhanced cyber defense capabilities [1].
In terms of collaboration, the EO keeps directives for federal agencies to work with private sector partners and contractors, especially in adopting modern security architectures and patching practices for open source software, but with less prescriptive federal oversight compared to Biden’s EO [3].
The General Services Administration will develop guidance on how cloud customers can securely use these products. A public-private partnership will be developed to use AI to protect critical infrastructure in the energy sector. Software vendors doing business with the federal government will be required to prove they are using secure development practices [6].
The U.S. government plans to utilize its $100 billion annual IT spending to ensure technology companies develop more secure software. The National Institute for Standards and Technology will develop guidance on how to deploy software updates in a secure and reliable manner. Starting in 2027, the U.S. will only buy internet-connected devices that meet Cyber Trust Mark standards [7].
The goal of the executive order is to make it costly and harder for China, Russia, Iran, and ransomware criminals to hack, and to signal that the U.S. is serious about protecting its businesses and citizens [8]. The order also aims to give the U.S. more authority to level sanctions against hackers that have disrupted hospitals and other critical providers [9].
Katell Thielemann, distinguished VP analyst at Gartner, stated that the executive order represents a set of security challenges the Biden administration would have liked to tackle much sooner [10].
The White House has announced an executive order to combat sophisticated attacks targeting U.S. government agencies, critical infrastructure providers, and high-profile individuals [11]. Federal authorities will begin research into AI-based tools to search for software vulnerabilities, manage patching, and detect threats [12].
In conclusion, the EO aims to strengthen cybersecurity defences, streamline bureaucracy and cybersecurity requirements for using federal information systems for three years, and harness emerging technologies like AI and quantum computing to protect critical infrastructure and government systems [1][2][3][4].
- The new Executive Order 14306, issued by President Donald Trump, introduces a focus on combating ransomware attacks, which are linked to foreign adversaries, as part of its efforts to bolster cybersecurity defenses.
- To combat sophisticated attacks, the order emphasizes the use of artificial intelligence (AI) for automating cyber defense, rapid vulnerability detection, and adaptive defense mechanisms, significantly revising technology strategies in cybersecurity.
- Policy-and-legislation and politics play a crucial role in the order, as it institutes a cybersecurity-specific sanctions tag (CYBER4) for targeted sanctions against foreign adversaries involved in malicious cyber activities, including ransomware, and disrupts entire cybercrime supply chains.
