On January 16, 2025, President Joe Biden signed a comprehensive executive order to strengthen U.S. cybersecurity. The order mandates secure development practices for federal software vendors, launches an AI program within the Pentagon to enhance cyber defense with a pilot in the energy sector, and raises security standards for cloud platforms and IoT devices. It also directs federal agencies to address the cybersecurity risks posed by quantum computing and lowers the threshold for sanctioning foreign entities involved in cyberattacks, enabling swift action against threats to U.S. infrastructure.
Experts from the cybersecurity community have commented on the latest executive order and shared their thoughts on its potential impacts on the wider security landscape.
Nick Mistry, SVP and CISO, Lineaje
“The latest executive order (EO) builds on EO 14028 and focuses on third-party software supply chains – a critical step toward securing government services against growing threats. By focusing on third-party risks—often exploited in recent attacks linked to foreign state actors—the EO mandates stricter risk management and requires software providers to attest to secure development practices.
A key provision incorporates these attestations into the Federal Acquisition Regulation (FAR), adding much-needed enforcement. However, its success hinges on implementation. Will government agencies conduct meaningful risk assessments, or will this become a checkbox exercise offering little real security?
To ensure the EO delivers on its potential, several areas must be addressed, including the following:
- The government must establish clear and enforceable standards for verifying attestations.
- Agencies need to conduct in-depth risk assessments, going beyond surface-level evaluations.
- Continuous monitoring should be integrated to address emerging vulnerabilities across the software lifecycle.
While challenges remain, this EO prioritizes transparency, accountability, and stronger defenses across the supply chain. If executed effectively, it can significantly reduce vulnerabilities and enhance trust in the software ecosystem.”
Keith Palumbo, CEO & Co-founder, Auguria
“The Biden Administration’s new executive order on cybersecurity is definitely ambitious. But its success depends on overcoming significant challenges in implementation, collaboration, and scalability. This executive order could kick off a much-needed shift toward breaking down some of the silos in cybersecurity, but the devil, as always, will be in the implementation details. Effective collaboration, transparency, and clear guidelines will be essential to avoid bureaucratic inertia and make sure these measures translate into actual, measurable security outcomes.
It’s absolutely crucial to have a “global” view of what’s attacking the government. Attackers thrive in the gaps left between silos. However, successful implementation will not just require close cooperation but also a solid technical foundation to deliver. That’s why it’s reassuring to see a governmental focus on supporting increased research and development of AI-powered cybersecurity tools. It’s an area adversaries are also aggressively pursuing.”
Clyde Williamson, Senior Product Security Architect, Protegrity
“In 2025 and beyond, data security must be at the forefront of any administration’s agenda—not only for citizens and customers, but for the trust we hold with international allies. Regardless of who’s in office, it’s clear we need a unified approach to data privacy and security that transcends partisan lines. With exponential advancements in GenAI and data analytics, we can no longer rely on outdated, piecemeal regulations.
Regulations must require data de-identification and encryption as a baseline, stripping sensitive information of its ransom value. Such techniques render stolen data practically useless, diminishing its value to threat actors and significantly reducing the impact of breaches. This kind of proactive approach aligns with the growing awareness that breaches affect us all—not just corporations and agencies, but each individual whose information is left unprotected.
Secondly, GenAI and large language models have created new layers of complexity in data security. For instance, the proprietary data used to train AI models can be a prime target for misuse, with potentially biased or incomplete algorithms raising serious ethical concerns. The new administration must address these GenAI challenges by setting standards for transparency and regular audits that ensure these tools don’t propagate unfair biases or increase data vulnerabilities.
If 2025 is to be the turning point in data protection, it will be through policies that prioritize transparency and accountability, reinforce consumer trust, and ensure that data security measures keep pace with technological advances. A modernized, comprehensive national data security policy must be rooted in the spirit of safeguarding privacy—not merely checking off compliance boxes.”
Richard Bird, Chief Security Officer, Traceable AI
“President Biden has made cybersecurity a priority like no leader before him, but the recent US Treasury breach highlights a critical issue: executive orders often focus on trendy topics like AI while neglecting foundational security flaws. Outdated infrastructure, mismanaged access controls, and unpatched systems remain pervasive vulnerabilities in both government and private sectors. These initiatives too often prioritize optics over impact, lacking the accountability and investment needed to address systemic weaknesses. To improve security, we must prioritize practical measures over performative agendas, confronting uncomfortable truths about our readiness and commitment to the basics.
The question facing the Trump administration is whether the inflow of money, attention, and direct participation by technology leaders with vested financial interests in consumer-facing products, solutions, and revenue will lead to walking away from cybersecurity mandates and demands. Will the CEOs of companies with terrible track records in protecting their own data and the privacy and security of their own customers be the advisors for our government’s positions on protecting national critical infrastructure, AI competitiveness, and the responsible use and development of the support network needed for these functions? If the answer to those questions is yes, then the entry of the Trump administration will make the Biden administration’s efforts on cybersecurity a historical footnote.”
Ilona Cohen, Chief Legal and Policy Officer, HackerOne
“Cybersecurity and defending our nation’s critical infrastructure against threats has always been a nonpartisan issue. That’s why the Biden and first Trump administrations maintained executive orders on cybersecurity issued by their predecessors. We are particularly encouraged by the order’s recognition of the potential for artificial intelligence to enhance cybersecurity and its focus on management of vulnerabilities involving AI systems and software. We encourage the Trump administration to advance the order’s provisions, particularly those aimed at staying ahead of China on security by using AI.”