Executive Order Focuses on Changes Regarding AI, Software Security, and Quantum Resilience
President Donald Trump signed a new executive order (EO) on June 6, 2025, to update and consolidate U.S. cybersecurity policy in response to increasing global cyber threats, particularly from state actors like China, Russia, Iran, and North Korea. The order builds on and revises previous orders from both the Obama administration (in 2015) and the Biden administration (in January 2025), aiming to modernize federal cyber defenses and clarify policy priorities.
The White House outlined details of the order in a fact sheet.
Seven key takeaways from the new executive order:
- Public-Private Consortium to Develop Secure Software
The EO mandates the establishment of a public-private consortium by August 2025 to oversee secure software development. This initiative emphasizes collaboration rather than strict compliance, instructing the National Institute of Standards and Technology (NIST) to partner with industry leaders to enhance existing frameworks.
- Rollback of Federal Compliance Mandates
The EO rolls back previous requirements for software vendors to formally attest to the National Institute of Standards and Technology (NIST) guidelines. Instead, it encourages flexible, industry-driven adoption of security best practices. This move shifts away from federal checklists in favor of adaptable standards.
- Focus on AI for Defense, Not Censorship
The order redirects efforts related to Artificial Intelligence (AI) in cybersecurity toward identifying and mitigating vulnerabilities, rather than monitoring content. It also advocates for broader academic access to cybersecurity data while protecting national and commercial interests, which involves intelligence agencies in establishing new standards for AI vulnerability.
- Preparation for Post-Quantum Threats
The order tasks federal agencies with developing post-quantum cryptography standards by 2030 and with taking other steps to ensure that “Americans can know that their personal and home devices meet basic security engineering principles.” The National Security Agency (NSA) and the Office of Management and Budget (OMB) are instructed to issue new encryption requirements to ensure the long-term resilience of federal systems.
- Federal Software Patch Guidance to be Updated
NIST is instructed to update federal guidelines on software patching by September 2025. This is part of a broader strategy to make vulnerability management more proactive and effective across government systems.
- Cybersecurity Labeling Standards for IoT Devices
Vendors of consumer Internet of Things (IoT) devices sold to the federal government must comply with enhanced cybersecurity labeling standards by 2027. This initiative aims to enhance trust and transparency in the connected device ecosystem.
- Revised Sanctions and Digital ID Policy
The order amends the Obama-era sanctions framework to clarify that penalties only apply to foreign cyber actors, not election-related domestic activities. It also revokes a provision from the Biden-era order that supported issuing digital IDs for access to public benefits, a move the Trump administration claims was prone to fraud.
The new executive order marks a significant shift in federal cybersecurity policy, emphasizing industry collaboration and concentrating on critical areas such as AI and quantum security.
As we reach the halfway point of this year, it’s worth taking a moment to review a January article discussing some cybersecurity challenges predicted for 2025. The impact of the latest Executive Order on these challenges remains to be seen. In the meantime, it’s a good time to take steps to mitigate cyber threats at your organization.
Identify Your Security Risks
Identify, evaluate, and mitigate potential privacy and security risks within your organization. PrivaPlan can thoroughly analyze your data systems, processes, and policies to help ensure compliance with applicable regulations and industry best practices.