
Cybersecurity Risk
Feeling overwhelmed by cyber risk? You're not alone. In today's digital world, cyber threats are a complex issue and a strategic opportunity to strengthen your organization's resilience.
This podcast dives deep into the world of cyber governance and risk management. We'll have open conversations with experts to help you take your organization's cybersecurity posture from "as-is" to the next level.
Here's what you'll learn:
- Program and control assessments: Identify weaknesses in your current defenses.
- Risk identification and mitigation: Proactively address threats before they strike.
- Building a risk register: Track and prioritize your organization's vulnerabilities.
- Crafting effective mitigation plans: Develop strategies to minimize cyber risk.
- And much more!
Join us and learn how to navigate the ever-evolving cyber landscape with confidence.
Unpacking Trump’s Cybersecurity Orders: Key Updates and What They Mean for National Security
President Trump Amends Cybersecurity Executive Orders: Key Impacts and Analysis
In this episode, we delve into President Trump's recent amendments to Executive Orders 13694 and 14144, primarily focusing on enhancing national cybersecurity. We outline six key areas of impact, including specific threat identification, secure software development, post-quantum cryptography preparations, AI in cyber defense, modernizing federal systems, and defining scope in sanctions and applications. These proactive measures aim to strengthen the U.S. cybersecurity posture against foreign threats. Join the discussion and share your thoughts on these crucial changes.
00:00 Introduction to Cybersecurity Amendments
00:55 Key Fact 1: Updated Policy and Threat Landscape
02:21 Key Fact 2: Enhancing Secure Software Development
04:30 Key Fact 3: Preparing for Post-Quantum Cryptography
06:44 Key Fact 4: Promoting Security with AI
08:59 Key Fact 5: Modernizing Federal Systems
11:10 Key Fact 6: Scope of Applications and Sanctions
13:08 Conclusion and Final Thoughts
All right, if you follow cybersecurity news, President Trump just signed two amendments to two executive orders, Executive Order 13694 and 14144, with the bulk of the amendments focused on Executive Order 14144. I have six items, six key facts that I want to talk to you about today. So let's get started. The core objective of these amendments is to improve our nation's cybersecurity posture overall, so we are more resilient against nation-state attacks as it comes with cybersecurity.
The first item, the first key item that was amended, was an update to the policy and threat landscape. A clarification, if you will. We had a statement that was more generic in nature in terms of what nations we are concerned with: foreign nations. And this time around, the amendment was very specific in calling out names such as the People's Republic of China, Russia, Iran, North Korea, and other nations. So we got very specific on who we are watching. Now, the positive of that is, well, clarity. Now we know who we should focus on. Now we know who the threats against our nation are. The area that we should consider, perhaps, the drawback of that, if any, would be the geopolitical influences and our relationships. It got a little spicy there, but then again, what's the difference between now and then, right? There are already some tensions regardless. Now we're naming who we are concerned with, so I think it is a positive change. But tell me otherwise if you think differently.
Enhancing secure software development and patching is the second key item that these amendments reinforce. So the Secretary of Commerce, through the director of NIST, the National Institution of Standards and Technology, will be mandated to make some updates. So as of August 1st, 2025, NIST established a consortium with the industry and works towards creating new guidance for security development and secure operations and practices by updating NIST Special Publication 800-218, which is the Secure Software Development Framework, or SSDF. Also this year, September 2nd, 2025, NIST 800-53, which is the control library used to protect these systems, including the secure software development framework, is to be updated, and that update should address, actually must address, the reliable deployment of patches and updates, which is much needed, from a more generic to a more specific addressing of those issues. Now, also on December 1st of this year, so there's a lot coming up in this year, a preliminary secure software development framework should be available by the end of this year. Now, the positive is quite obvious. This is a critical step to strengthening our software supply chain, ensuring the integrity of applications throughout that life cycle and for our nation. The drawback, though, is the fact that these are fast changes that are complex in nature and require tremendous coordination with the industry. So the timeline is tough in there. These changes need to be highly coordinated across everyone.
So the third item here is the preparation for post-quantum cryptography, or PQC. And that transition is tricky and it's challenging. Now the good thing about this change is that it acknowledges that quantum computing of sufficient size, as large, powerful computers, will be capable of breaking today's public-key cryptography. So we as a nation are acknowledging that in this executive order, and in particular this amendment. What will change here: by December 1st of this year, the Secretary of Homeland Security, through CISA, must release a regularly updated list of products and categories that support PQC, the post-quantum cryptography. The government can use, as private industry can use, that particular list. And also by December 1st of this year, the director of National Security and the director of OMB must issue requirements for agencies to support the Transport Layer Security, or TLS, protocol version 1.3, or whatever is the next substitute of that, by January 2nd, 2030. And that is to support the reliability of these services that use this TLS protocol against the post-quantum cryptography threat that we might have. Now, the positive of this change is quite obvious. You're going to strengthen the capability of our encryption mechanism, and that is a proactive change against the quantum challenge that we will have. Now, the consideration and the pause we have here, perhaps, is that the transition to PQC is complex and resource intensive to undertake, and requires significant investment, research and development, and deploying across all sectors. So that is challenging, and the deadlines to come up with these ideas are short as well.
The fourth key factor of these amendments is promoting security with artificial intelligence. It recognizes that AI's potential to transform cyber defense by rapidly identifying vulnerabilities, increasing threat detection, and so forth is key for our nation's security. By November 1st, 2025, this year, various secretaries, Commerce through NIST, Energy, and Homeland Security through the Undersecretary of Science and Technology, and the director of NSF must ensure that the existing cyber defense research data sets are accessible to the academic research community. That is key to continue developing AI in a form that is more open, because the current state is that big corporations are leading the development in AI. By using the university as a research community, specifically providing the data sets, we'll open a tremendous amount of doors for every size of organization. Also by November 1st this year, the Secretary of Defense, the Secretary of Homeland Security, and the Director of National Intelligence must incorporate management of AI software vulnerabilities and compromises as part of their processes. So that is also a key factor of these amendments. Now the impact, the positive impact of this is, of course, that this forward-looking key initiative harnesses the AI power that we know is there to enhance our cyber defenses and proactively address any security risk inherited by AI, this emerging technology. The area where you should pause and have some consideration, perhaps think about, is the balancing that must exist between accessibility of data, confidentiality of data, and national security. It is a tricky dance. So that is also something to consider as we advance, and not only advance; we are fast advancing regarding this.
The fifth key factor here is aligning policy to practice and modernizing the federal systems. So agencies are directed to align investment priorities to improve networking, architecture, visibility, and controls. So within three years of the order's date, the director of OMB must update the guidance, specifically Circular A-130, to address how they're gonna audit and maintain compliance with these emerging technologies. Also within one year, NIST, CISA, and OMB must establish a pilot program for rules of code. So rule as a code is an excellent approach, as we work with machine-readable versions of cybersecurity policy and guidance. Providing that will enhance and automate and standardize and ensure compliance to the security that you have on your organizational and federal systems, by implementing this as machine-readable information. Also within one year, the agency members of the FAR Council must update their FAR guidance and requirements towards vendors of consumer Internet of Things products. So by January 4th, 2027, these vendors of these products are expected to start using the United States Cyber Trust Mark labeling. So the impact, the positive, is that OMB guidance will drive modernization of our federal IT infrastructure, aiming for greater resilience against cyber threats. The drawback and the pause, once again, the consideration, is that implementing the new OMB guidance and adopting rule as a code will require significant effort, potentially culture shifts within the federal agencies. But that is true in every change in every organization, especially larger organizations with more complex structure. Change is always difficult.
The other and last key factor I wanna call out in these amendments, and that is number six, is scope of applications and sanctions amendments. So one through seven of this order generally do not apply to federal information systems that are national security systems. An executive order related to quantum computing is the only exception. Executive Order 13694 was also touched, but that one was a specific touch. That one is the one that deals with blocking property for malicious cyber activity, and the amendment changes it from "any person" to "any foreign person" in certain sanctions, regarding the scoping of these sanctions. So we are focusing now so much on internal versus external, or both for that matter, but also focusing on external threats or foreign persons. So that clarification is a good amendment. Now, the positive: explicitly defining the scope of your system, explicitly defining where you should focus in Executive Order 13694 from a foreign person's point of view, so now you focus your resources on that, is always positive and provides that clear guidance. Now, the consideration is that excluding systems of national security makes sense from a national security perspective, but it means that those critical systems may operate under different guidance and potentially less publicized directives. Some people might see this as a problem, some people might see this as a positive. It's up to you and your interpretation. That's why I said it's a consideration there.
But overall, this comprehensive and proactive set of measures is aimed to fortify our nation's cybersecurity posture. That's all it means, right? So they address a range of critical areas, and they are refining the threat landscape, targeting specific persons, targeting specific nations. So it provides us, versus that generic guidance, a more specific guidance on how to protect our nation's infrastructure against foreign threats. Hey, what do you think, actually, of all of this? Is it positive? Is it good? Is it bad? Or are you indifferent? Leave a comment below. Let's chat about it.