3 days ago
Trump quietly throws out Biden's cyber policies
President Trump quietly took a red pen to much of the Biden administration's cyber legacy in a little-noticed move late Friday.
Why it matters: Until now, it has been unclear which Biden-era cybersecurity policies the Trump administration would keep — if any.
Cybersecurity is a rare bipartisan area. It's pretty common for new administrations to keep their predecessors' programs in place.
Driving the news: Under an executive order signed just before the weekend, Trump is tossing out some of the major touchstones of Biden's cyber policy legacy — while keeping a few others.
The order preserves efforts around post-quantum cryptography, advanced encryption standards, and border gateway protocol security, along with the Cyber Trust Mark program — an Energy Star-type labeling initiative for consumer smart devices.
But hallmark programs tied to software bills of materials, zero-trust implementation, and space contractor cybersecurity requirements have been either rescinded or left in limbo.
The new executive order amends both the Biden cyber executive order signed in January and an Obama administration order.
Zoom in: Each of the following Biden-era programs is now out the door or significantly rolled back:
A broad requirement for federal software vendors to provide a software bill of materials — essentially an ingredient list of code components — is gone.
Biden-era efforts to encourage federal agencies to accept digital identity documents and help states develop mobile driver's licenses were revoked.
Several AI cybersecurity research mandates, including those focused on AI-generated code security and AI-driven patch management pilots, have been scrapped or deprioritized.
The requirement that software contractors formally attest they followed secure development practices — and submit those attestations to a federal repository — has been cut. Instead, the National Institute of Standards and Technology will now coordinate a new industry consortium to review software security guidelines.
The big picture: If this executive order is a blueprint, Trump 2.0 appears poised to adopt a less prescriptive, more decentralized approach to cybersecurity — focused on paring back federal mandates and shifting more discretion to agencies and state governments.
Flashback: The Biden administration emphasized holding not just foreign adversaries accountable for cyberattacks, but also software makers whose insecure products left federal systems vulnerable.
Much of that vision involved a long-term public-private effort to build stronger accountability and transparency in software development — a campaign that now appears to be on pause.
What they're saying: Reaction to the executive order has been mixed as officials have only begun to parse its full implications.
