Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Dr. B. (00:02):
All right, if you follow cybersecurity news, President Trump just signed two amendments to two executive orders, Executive Order 13694 and 14144, with the bulk of the amendments focused on Executive Order 14144.
I have six items, six key facts that I want to talk to you about
(00:25):
today.
So let's get started.
The core objective of these amendments is to improve our
(00:46):
nation's cybersecurity posture overall, so we are more resilient against nation-state attacks as it comes to cybersecurity.
The first item, the first key item that was amended, was an update to the policy and threat landscape.
A clarification, if you will.
We had a statement that was more generic in nature.
(01:08):
In terms of what nations are we concerned with?
Foreign nations.
And this time around the executive order, the amendment was very specific in calling names such as the People's Republic of China, Russia, Iran, North Korea, and other nations.
(01:28):
So we got very specific on who we are watching.
Now, the positive of that is, well, clarity.
Now we know who we should focus on.
Now we know who the threats against our nation are, the areas that we should consider, perhaps.
The drawback of that, if any, would be that there are
(01:51):
geopolitical influences and our relationship.
It got a little spicy there, but then again, what's the difference now and then, right?
There is already some tension regardless.
Now we're naming who we are concerned with, so I think it is a
(02:12):
positive change.
But tell me otherwise, if you think it is different.
Enhancing the cybersecurity on software development and patching.
So enhancing the secure software development and patching is the second key item that these amendments reinforce.
So the Secretary of Commerce, through the director of NIST, the National Institute of Standards and Technology, will
(02:36):
be mandated to make some updates.
So as of August 1st, 2025, NIST established a consortium with the industry to work towards creating new guidance for secure development and secure operations and practices by updating their NIST Special Publication 800-218
(03:02):
which is the Secure Software Development Framework, or SSDF.
Also this year, September 2nd, 2025, NIST 800-53, which is the control library used to protect these systems, including the secure software development framework, is to be
(03:24):
updated.
That update should address, actually must address, the reliable deployment of patches and updates, which is much needed, from a more generic to a more specific addressing of those issues.
Now, also on December 1st of this year, so there's a lot
(03:45):
coming up in this year, is that a preliminary secure software development framework should be
available by the end of this year.
Now, the positive is quite obvious.
This is a critical step to strengthening our software supply chain, ensuring the integrity of applications
(04:05):
throughout that life cycle and for our nation.
The drawback though, is the fact that these are fast changes that are complex in nature and require tremendous coordination with the industry.
So the timeline is tough there.
These changes need to be highly coordinated across everyone.
(04:30):
So the third item here is the preparation for post-quantum cryptography, or PQC.
And that transition is tricky and it's challenging.
Now the good thing about this change is that it acknowledges that quantum computing of sufficient size, as large, powerful computers,
(04:53):
will be capable of breaking today's public key cryptography.
So we as a nation are acknowledging that in this executive order and in particular this amendment.
What will change here: by December 1st of this year, the Secretary of Homeland Security, through CISA, must release a regularly updated list
(05:17):
of products and categories that support PQC, post-quantum cryptography, which the government can use and private industry can use.
And that particular list... and also by December 1st of this year, the Director of National Security and the Director of OMB
(05:38):
must issue requirements for agencies to support the Transport Layer Security, or TLS, protocol version 1.3, or whatever is the next substitute of that, by January 2nd, 2030.
And that is to support the reliability of these services that use this TLS protocol against the post-quantum
(06:03):
cryptography threat that we might have.
Now, the positive of this change is quite obvious.
You're going to strengthen the capability of our encryption mechanism.
And that is a proactive change against the quantum challenge that we will have.
Now, the considerations and the pause
(06:23):
we have here perhaps is that the transition to PQC is complex, resource-intensive to undertake, and requires significant investment, research and development, and deploying across all sectors.
So that is challenging, and the deadlines to come up with these ideas are short as well.
(06:45):
The fourth key factor of these amendments is promoting security with artificial intelligence.
Now, recognizing that AI's potential to transform cyber defense by rapidly identifying vulnerabilities and increasing threat detection and so forth is key for our nation's security.
(07:05):
By November 1st, 2025, this year, various secretaries, Commerce through NIST, and Energy, and Homeland Security through the Under Secretary of Science and Technology, and the Director of NSF must ensure the existing cyber defense research data sets are accessible to the academic
(07:26):
research community, that they're accessible to the academic research community.
That is key to continue developing AI in a form that is more open, because the current state is: big corporations are leading the development in AI by using the
(07:48):
university as a research community.
Specifically providing the data set will open a tremendous amount of doors for every size of organization.
Also by November 1st this year, the Secretary of Defense and the Secretary of Homeland Security and the Director of National Intelligence must incorporate management of AI software
(08:10):
vulnerabilities and compromises as part of their processes.
So that is also a key factor of these amendments.
Now the impact, the positive impact of this is, of course, this forward-looking key initiative harnesses the AI power that we know is there to enhance our cyber defenses and proactively address any security risk inherited by
(08:32):
AI, this emerging technology.
The areas where you should pause and have some consideration, perhaps think about, is the balancing that must exist of accessibility of data, confidentiality of data, and national security; it is a tricky dance.
So that is also something to consider as we advance, not only
(08:53):
advance.
We are fast advancing regarding this.
The fifth key factor here is aligning policy to practice and modernizing the federal systems.
So agencies are directed to align investment priorities to improve networking, architecture, visibility, and controls.
(09:13):
So within three years of the order's date, the Director of OMB must update the guidance, specifically Circular A-130, to address how they're gonna audit and maintain compliance with these emerging technologies.
Also within one year, NIST, CISA and OMB must establish a pilot
(09:36):
program for rules as code.
So rules as code would be an excellent approach, as we work with machine-readable versions of cybersecurity policy and guidance.
Providing that will enhance and automate and standardize and ensure compliance to the security that
(09:58):
you have on your organizational and federal systems, by implementing this as machine-readable information.
Also within one year, the agency members of the FAR Council must update their FAR guidance and requirements towards vendors of consumer Internet of Things products.
(10:20):
So by January 4th, 2027, these vendors of these products are expected to start using the United States Cyber Trust Mark labeling.
So the impact, the positive, is that OMB guidance will drive modernization of our federal IT infrastructure, aiming to greater
(10:40):
resilience against cyber threats.
The drawback and the pause, once again, the consideration, is that implementing the new OMB guidance and adopting rules as code will require significant effort, potentially culture shifts within the federal agencies.
But that is true in every change in every organization, especially
(11:04):
larger organizations with more complex structure; change is always difficult.
The other and last key factor I wanna call out by these amendments, and that is number six, is scope of application and sanctions amendments.
So one through seven of this order generally do not apply to
(11:27):
federal information systems that are national security systems; an executive order related to quantum computing is the only exception.
Executive Order 13694 was also touched, but that one was a specific touching; that one deals with blocking
(11:48):
property for malicious cyber activity, and amends the change from
any person to any foreign person in certain sanctions, regarding the scoping of these sanctions.
So we are focusing now so much on internal versus external, or both for that matter, but also
(12:12):
focusing on external threats, or foreign persons.
So that clarification is a good amendment.
Now, the positive: explicitly defining the scope of your system, explicitly defining where you should focus on Executive Order 13694
(12:32):
from a foreign person's point of view; now you focus your resources on that.
That is always positive and provides clear guidance.
Now, the consideration is, by excluding systems of national security, it makes sense from national security.
But it means that those critical systems may operate under
(12:53):
different guidance and potentially less publicized directives.
Some people might see this as a problem, some people might see this as a positive.
It's up to you and your interpretation.
That's why I said it's a consideration there.
But overall, this comprehensive and proactive set of measures is aimed to fortify the nation's cybersecurity posture.
(13:16):
That's all it means, right?
So they address a range of critical areas and they are refining the threat landscape, targeting specific persons, targeting specific nations.
So it provides us, versus that generic guidance, a more specific guidance on how to protect our nation's
(13:36):
infrastructure against foreign threats.
Hey, what do you think actually of all of this? Is it positive?
Is it good?
Is it bad?
Or are you indifferent?
Leave a comment below.
Let's chat about it.