Why the Trump administration should uphold this final cyber executive order
Ilona Cohen, the chief legal and policy officer at HackerOne, explains why President Joe Biden’s new cyber executive order should be a priority.
Former President Joe Biden’s executive order aimed to bolster the United States’ defenses against the escalating threats from foreign adversaries, particularly the People’s Republic of China (PRC). While the Trump administration will review every executive order issued and repeal some, they should not view the latest cybersecurity executive order as a political initiative, but as a critical national security initiative that transcends partisan divides and protects the country. The executive order is a critical tool that will provide continuity and drive progress on our nation’s cyber defense strategy during the critical months of the transition.
High-profile hacks attributed to the PRC have posed significant risks to U.S. national security.
From the Salt Typhoon and Volt Typhoon campaigns, which have targeted U.S. telecommunications and federal agencies, to broader and ongoing cyber espionage activities, these operations have disrupted vital services, compromised sensitive data, and exposed critical infrastructure. These attacks reflect not only China’s strategic ambitions but also its willingness to challenge the global order and undermine U.S. dominance.
Such operations reflect an increasingly aggressive approach, one that shows no signs of slowing down in the near future. This makes a comprehensive, long-term response essential to counter these evolving threats. The order represents a crucial step in this direction, but it is one that requires continuity — something both the Trump and Biden administrations have recognized in the realm of cybersecurity. Historically, cybersecurity has been a nonpartisan issue, with both administrations previously building on the foundation laid by their predecessors and acknowledging the need for coordinated responses.
This is where the Trump administration has an opportunity to make a decisive impact. Rather than dismantling the progress on cybersecurity made during the previous administration, the Trump administration should take the initiative to actively enforce its provisions. The order is informed by experience with actual attacks and contains provisions that will enhance protection for our nation’s critical infrastructure. Our clients in government and the private sector have seen firsthand the importance of two sections of the executive order in particular — vulnerability management and the integration of artificial intelligence into cybersecurity — to strengthening and modernizing the nation’s defenses.
The executive order emphasizes proactive measures that focus on anticipating and preventing cyberattacks before they occur. Section 2 of the order directs federal agencies to hunt for emerging cyber threats and vulnerabilities within their systems, shifting the focus from mere response to active defense. This “threat hunting” approach is essential to identifying weaknesses before they can be exploited by malicious actors.
In tandem, Section 6 calls for the integration of AI into cybersecurity strategies, recognizing AI’s potential to enhance the speed, accuracy and effectiveness of cyber defense efforts. For example, it directs the Energy Department to launch a pilot program exploring AI’s potential in defending critical energy infrastructure, while the Defense Department is tasked with developing advanced AI models for broader cybersecurity applications.
Given the ongoing threat of cyber attacks, there are additional actions the Trump administration should take to prioritize cybersecurity during the transition. While much attention is paid to the first 100 days of a new presidency, in the absence of quick action, we could face gaps in key positions in cybersecurity during that window. The President should immediately nominate his National Cyber Director so new leadership can be confirmed quickly by the Senate and get to work on updating the National Cybersecurity Strategy. Retaining the executive order will ensure progress on workstreams that are well underway that now have deadlines for completion. Upholding and strengthening the provisions of this executive order would send a powerful signal of bipartisan commitment and demonstrate that protecting the nation’s digital infrastructure is a shared responsibility.
Ilona Cohen is the chief legal and policy officer at HackerOne and formerly served as the general counsel of the White House Office of Management and Budget.
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
