The Biden administration issued two sweeping directives addressing cybersecurity needs for the federal government, including one that materialized just days before President Donald Trump took office. The current president did not rescind the cybersecurity executive orders (EOs) the way he did others.
Now, in the midst of cybersecurity concerns surrounding Elon Musk’s Department of Government Efficiency (DOGE), along with productivity and waste-reducing directives from the Trump administration, it’s unclear whether or not the EOs are still a priority for the federal government.
Well, this is what it looks like. The Trump administration’s new EOs focus heavily on government efficiency and direct agencies to only work on statutorily required activities, which could override tasks from previous directives.
“Until middle of last month, a lot of interagency work was blocked,” one IT professional in the federal government wrote to IT Brew. “This all caused a lot of work stoppage on those EOs, especially anything that required multi-agency collaboration. Folks aren’t really working on the last couple Biden EOs on cyber for example, they just went ‘poof.’”
The Department of State continuously receives guidance on cybersecurity objectives from the Trump administration.
Cassandra Eichner, a spokesperson for the National Science Foundation, told IT Brew in an email that the agency is continuing to implement the cybersecurity principles (identity, devices, networks, applications, and data) outlined in the 2021 order from Biden, and is implementing “elements” of the 2025 order, including “supply-chain risk management, AI use, fraud prevention, and digital identity verification.”
When the old magic was written. The first Biden-era cybersecurity directive was in response to the SolarWinds cyberattacks, which started in 2019 and affected both public and private sectors. The compromise, according to a former cybersecurity official, sent a shudder through those in and around the executive branch and agency leadership at the time.
The Biden administration’s final cybersecurity EO, dated Jan. 16, 2025, sought to solicit additional actions to improve national cybersecurity and improve accountability for both software and cloud providers.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
A former official who worked on the 2025 EO from Biden said that the team tasked with assembling it looked to build on the 2021 order and address vulnerabilities including software as a root cause of major incidents impacting critical infrastructure and the federal government.
“We saw the need to expand our views and our approach towards what is a threat to our national security in the cyber domain, and us needing to do things like highlight that the entire ecosystem of ransomware activity, not just the malicious cyber activity involved, needs to be captured as part of the national security threat,” the former official who worked on the EO said.
Take about 2–10% off? The former cybersecurity official pointed to both orders having no shortage of agency requirements and responsibilities, a risk that the executive branch was willing to take with the first EO.
“The danger of doing a big, sweeping, maximalist, deadline-rich executive order is that people can very credibly say that they can’t do it all and can’t do it all on time,” the former cybersecurity official said.
The continued: “It really went past where you’re actually getting a lot of high value from those things, and you are making people numb to the missing of deadlines or deadlines are getting met through real checkbox exercise stuff.”
As of last year, the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) still had not met all of the requirements asked of them in the original cybersecurity EO, according to a report from IBM.
The former cybersecurity official said that many agencies received pressure from the Biden National Security Council (NSC) on prioritized requirements in the first EO to achieve completion, “but it was never the same as actually activating and animating the federal bureaucracy to believe in this thing and carry it out.”
The White House and 19 other agencies did not respond to a request for comment from IT Brew.