Former President Biden’s second major cyber executive order, released on Jan. 16, will remain in effect amid the first acts to roll back EOs and executive actions that the new Trump administration describes as “harmful,” including the 2023 artificial intelligence EO.
May 10, 2025
Special Report
Disruption has been the animating feature of President Trump’s first hundred days back in office, but mainstay cyber initiatives have largely continued so far, at NIST and the Pentagon, while a question mark hangs over a controversial cyber rule proposed by the Cybersecurity and Infrastructure Security Agency.
As of April 29 -- Day 100 of the second Trump administration -- there has yet to be an executive order or presidential memo substantially overhauling the Biden administration’s approach to cyber, which itself was largely a continuation of policies from the first Trump administration that had built on the work of the Obama administration.
Whether by design or serendipity, Trump has often left the cybersecurity work to the professionals and lent support to the cyber program, by signing the law that created CISA, for instance, in 2018.
However, the impact of ongoing staff reductions could be severe. For instance, key members of the secure-by-design team at CISA announced they were leaving in late April. And the activities of the Elon Musk-led DOGE initiative in probing federal systems have raised cybersecurity concerns on Capitol Hill and among cyber professionals.
Industry groups have presented the new administration with strategies for an extensive update to cyber policy, offering Trump officials what they’ve portrayed as cost-effective cyber approaches that don’t entangle the private sector in red tape.
Commerce Secretary Howard Lutnick came into office pledging to work across the aisle with Sen. John Hickenlooper (D-CO) on a regulatory harmonization effort.
The U.S. Chamber of Commerce, USTelecom, energy, financial and other groups have submitted cyber plans along with calls to drastically overhaul the incident reporting rule pending at CISA and to renew the expiring cyber info-sharing act of 2015.
Another hallmark of industry lobbying over the first hundred days has been strong support for fully funding cyber initiatives at the National Institute of Standards and Technology.
Among the plethora of cyber activities at NIST, the agency is planning to start work on developing an artificial intelligence “overlay” for its foundational publication of security and privacy controls, according to Katerina Megas, a NIST official tasked with focusing on the intersection of cyber and AI.
At the Department of Defense, officials have pressed ahead with major cyber efforts including implementation of its landmark CMMC cyber certification program along with a renewed focus on zero-trust architecture under returning DOD official Katie Arrington.
CISA, the frontline cyber agency, is awaiting the confirmation of Sean Plankey as director and is still waiting to learn the strategic plans of the White House and new Homeland Security Secretary Kristi Noem. She came into office pledging to field a nimbler, leaner team at CISA.
Inside Cybersecurity is pleased to offer this special report with a curation of articles covering the key developments in cyber policy since Jan. 20:
January
Homeland Security Secretary Kristi Noem, in her first remarks leading the department, challenged staff to be “more nimble” and efficient when it comes to deploying resources, including protecting cyber infrastructure.
February
Commerce Secretary nominee Howard Lutnick responds to questions from Sen. John Hickenlooper (D-CO) on cybersecurity including harmonizing regulations and addressing threats to telecom infrastructure, in written answers to questions from lawmakers on the Senate Commerce Committee.
USTelecom calls for a policy reset on cybersecurity under the Trump administration, in a blog post outlining five proposals to achieve the trade association’s vision for the future.
A coalition of financial sector groups is asking the Cybersecurity and Infrastructure Security Agency to rescind its mandatory cyber incident reporting rulemaking and make changes to reflect the concerns of its members.
March
The U.S. Chamber of Commerce is leading efforts to urge Congress to reauthorize the Cybersecurity Information Sharing Act of 2015, arguing that the law has been an important piece of industry efforts to share information with the government and between players in the private sector.
The Defense Department has announced Katie Arrington will serve as the Pentagon’s chief information officer in an acting capacity, elevating a key voice in the Defense Department’s Cybersecurity Maturity Model Certification program who joined the Office of the DOD CIO in February.
A coalition of industry groups has sent a letter to Commerce Secretary Howard Lutnick highlighting the National Institute of Standards and Technology’s collaborative work on cybersecurity and calling for continued funding to support those initiatives as agencies face cuts under the Trump administration’s efforts to find efficiencies.
Lawmakers on the House Homeland Security Committee agreed on the need for cyber regulatory harmonization at a hearing focused on the Cybersecurity and Infrastructure Security Agency’s incident reporting rulemaking and changes to meet stakeholder concerns.
FCC Chairman Brendan Carr is launching a Council for National Security cutting across the commission’s regulatory, investigative and enforcement activities to address threats from China, including the mitigation of cyber vulnerabilities.
The Cybersecurity and Infrastructure Security Agency is working with critical infrastructure partners to determine next steps for an important structure used by the government and private sector to work together, following Homeland Security Secretary Kristi Noem’s decision to terminate the Critical Infrastructure Partnership Advisory Council.
Senate Homeland Security and Governmental Affairs ranking member Gary Peters (D-MI) is raising concerns over the impacts of the “Department of Government Efficiency” and its affiliated individuals getting access to sensitive information on federal systems, in letters to 24 federal agencies seeking details on their activities.
Michael Duffey, nominee for under secretary of defense for acquisition and sustainment, weighed in on the future of the Pentagon’s Cybersecurity Maturity Model Certification program ahead of his recent Senate Armed Services Committee confirmation hearing.
April
Senate Homeland Security ranking member Gary Peters (D-MI) is working to find potential co-sponsors to support the reintroduction of a cyber regulatory harmonization bill to create an interagency committee at the Office of the National Cyber Director tasked with developing a reciprocity framework.
In her new role as acting CIO at the Pentagon, Katie Arrington is committed to taking an aggressive approach to implementing zero trust across the Defense Department by enforcing high standards for budget priorities and working to change the acquisition landscape.
Two key cyber lawmakers in the Senate have introduced a bipartisan bill to reauthorize a closely watched information sharing law set to expire at the end of the current fiscal year.
Senior advisors Bob Lord and Lauren Zabierek have announced plans to exit the Cybersecurity and Infrastructure Security Agency, raising questions on the future of the secure by design initiative.
The Pentagon is providing instructions to contracting officials on tailoring the latest version of the National Institute of Standards and Technology’s foundational publication on controlled unclassified information, in a recent memorandum on organization-defined parameters critical to the next iteration of the Cybersecurity Maturity Model Certification program.
SAN FRANCISCO. The National Institute of Standards and Technology is planning to start work on developing an artificial intelligence “overlay” for its foundational publication of security and privacy controls, according to Katerina Megas, a NIST official tasked with focusing on the intersection of cyber and AI.
SAN FRANCISCO. Staffers on the House Homeland Security Committee shared perspectives on what’s next for the reauthorization of the Cybersecurity Information Sharing Act of 2015 on a panel here at the RSA conference, reflecting how the threat environment has evolved over the past 10 years and potential changes to the law.