What Does Biden's New Executive Order Mean for Cybersecurity?
www.informationweek.com
Carrie Pallardy, Contributing Reporter
January 16, 2025
5 Min Read

Photo caption: President Joe Biden meets with White House staff in the Oval Office, 2022, to review remarks he will give at an executive order signing. (Official White House Photo by Adam Schultz) American Photo Archive via Alamy Stock Photo

On Jan. 16, just days before leaving office, President Biden issued an executive order on improving the nation's cybersecurity. The extensive order comes on the heels of the breaches of the US Treasury and US telecommunications providers perpetrated by China state-sponsored threat actors.

"Adversarial countries and criminals continue to conduct cyber campaigns targeting the United States and Americans, with the People's Republic of China presenting the most active and persistent cyber threat to United States Government, private sector, and critical infrastructure networks," the order states.

This new executive order, building on the one Biden issued in 2021, is extensive. It addresses issues ranging from third-party supply chain risks and AI to cybersecurity in space and the risks of quantum computers.

Could this executive order shape the federal government's approach to cybersecurity? And how uncertain is its impact under the incoming Trump administration?

The Executive Order

The executive order outlines a broad set of initiatives to address nation-state threats, improve defense of the nation's digital infrastructure, drive accountability for software and cloud providers, and promote innovation in cybersecurity.

Like the 2021 executive order, the newly released order emphasizes the importance of collaboration with the private sector.

"Since it's an executive order, it's mainly aimed at the federal government. It doesn't directly regulate the private sector," Jim Dempsey, managing director of the Cybersecurity Law Center at nonprofit International Association of Privacy Professionals (IAPP), tells InformationWeek.
"It indirectly aims to impact private sector cybersecurity by using the government's procurement power."

For example, the order directs software vendors working with the federal government to submit machine-readable secure software development attestations through the Cybersecurity and Infrastructure Security Agency (CISA) Repository for Software Attestation and Artifacts (RSAA).

"If CISA finds that attestations are incomplete or artifacts are insufficient for validating the attestations, the Director of CISA shall notify the software provider and the contracting agency," according to the order.

The order also calls for the development of guidelines relating to the secure management of cloud service providers' access tokens and cryptographic keys. In 2023, a China-backed threat actor stole a cryptographic key, which led to the breach of several government agencies' Outlook email systems, Wired reports. A stolen key was behind the compromise of BeyondTrust that led to the recent US Treasury breach.

AI, unsurprisingly, doesn't go untouched by the order. It delves into establishing a program for leveraging AI models for cyber defense.

The Biden administration also uses the executive order to call attention to cybersecurity threats that may loom larger in the future. The order points to the risks posed by quantum computers and space system cybersecurity concerns.

Biden's Cyber Legacy

The Biden Administration made cybersecurity a priority. In addition to the 2021 executive order on cybersecurity, the administration released a National Cybersecurity Strategy and an implementation plan in 2023.

The current administration also took sector-specific actions to bolster cybersecurity.
For example, Biden issued an executive order focused on maritime cybersecurity.

Kevin Orr, president of RSA Federal at RSA Security, a network security company, saw a positive response to the Biden Administration's efforts to improve cybersecurity within the government.

"I was surprised at how many agencies have leaned in the last 18 months, especially within the intelligence community, have really adopted basic identity proofing, coming forward with multifactor authentication, and really strengthening their defenses," Orr shares.

While the Biden Administration has worked to further cybersecurity, there are questions about adoption of new policies and best practices. Some stakeholders call for more regulatory enforcement.

"Much like any regulation, people are only going to follow it if there's some type of regulatory teeth to it," Joe Nicastro, field CTO at software security firm Legit Security, argues.

Others argue that incentives are more likely to drive adoption of cybersecurity measures.

Cybersecurity is an ongoing national security concern, and the Biden administration is soon passing the torch.

"I think this administration can leave extremely, extremely proud," says Dempsey. "Certainly, they are handing over the nation's cybersecurity to the incoming Trump administration in far better shape than it was four years ago."

A New Administration

While the order could mean big changes in the federal government's approach to cybersecurity, the timing makes its ultimate impact uncertain. Many of its directives for federal agencies have a long runway, months or years, for compliance. Will the Trump administration enforce the executive order?

Cybersecurity has largely been painted as a bipartisan issue.
And there has been some continuity between the first Trump Administration and the Biden Administration when it comes to cyber policies.

For example, the Justice Department recently issued a final rule on Biden's Executive Order 14117, "Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern." That order charges the Justice Department with establishing a regulatory program to prevent the sale of Americans' sensitive data to China, Russia, Iran, and other foreign adversaries. That order and subsequent ruling stem from an executive order signed by Trump in 2019.

Biden's 2025 cybersecurity executive order puts a spotlight on cyber threats from China, and President-Elect Trump has been vocal about his intention to crack down on those threats. But that does not preclude changes to or dismissal of provisions in Biden's final cybersecurity executive order.

"There may be some things that the incoming administration will ignore or deprioritize. I'd be a little surprised if they repealed the order," says Dempsey.

CISA was a major player in the Biden administration's approach to cybersecurity, and it will continue to play a big role if this new executive order rolls out as outlined. But the federal agency has been criticized by several Republican lawmakers. Some have called to limit its power or even shut it down, AP News reports.

The incoming Trump administration is also expected to take a more hands-off approach to regulation in many areas.
Critical infrastructure is consistently at the heart of national cybersecurity conversations, and the majority of critical infrastructure is owned by the private sector.

"In terms of new regulation aimed at the private sector, I think we probably will not see anything out of the Trump administration," Dempsey predicts.

Cybersecurity policy could look different under the Trump administration, but it is likely it will remain at the forefront of national security discussions.

"I'm hoping that threat of what China is doing with their cybersecurity programs and how they're facilitating attacks against BeyondTrust and US treasury et cetera, will help continue the progress that we've made within cybersecurity," says Nicastro.