A sweeping executive order aims to upgrade national cyber defense by integrating AI, preparing for quantum computing threats, and securing federal tech systems.
On June 6, 2025, the Trump administration released a revised cybersecurity executive order outlining nearly a dozen new federal directives to bolster U.S. digital infrastructure. The order, titled Sustaining Select Efforts to Strengthen the Nation's Cybersecurity, builds on two prior executive orders issued in 2015 and 2024. It identifies China, Russia, Iran, and North Korea as the most persistent nation-state cyber threats and sets deadlines for implementing new defense measures, including AI integration, post-quantum cryptography, and internet-of-things (IoT) labeling.
The revised order introduces several specific mandates with deadlines ranging from August 2025 to January 2027. Among the most immediate:
Experts like Kevin Bocek from CyberArk praised the AI-focused direction, noting that proper implementation can bolster threat detection and secure increasingly autonomous systems. Bocek also warned of the risks of unsecured machine identities, which now vastly outnumber human accounts within modern infrastructures.
The EO also tackles the growing urgency around post-quantum cryptography (PQC). Agencies are instructed to transition away from encryption vulnerable to quantum computing advances. By December 2025, a formal list of PQC-compliant products will be published and regularly updated.
President Trump framed the new directives as a national security priority, stating that modern cyber campaigns “disrupt the delivery of critical services, cost billions of dollars, and undermine Americans’ security and privacy.”
Bocek echoed this urgency, stating that federal guidance must evolve quickly enough to secure AI, machine identities, and the broader attack surface. He cited CyberArk survey results showing that 68% of organizations lack controls for AI identity security, while 75% prioritize business needs over cybersecurity measures.
Post-quantum cryptography refers to encryption methods that can resist decryption by quantum computers. Today’s standard public-key cryptography could be rendered obsolete once quantum computing matures.
Machine identity sprawl occurs when organizations generate vast numbers of unmanaged digital credentials for machines (like servers, bots, and devices), making it harder to control access and detect intrusions.
AI can automate vulnerability detection, increase threat monitoring scale, and react faster than manual systems. However, it also introduces new risks if not properly secured.
The Cyber Trust Mark is a federal label indicating that an IoT product meets baseline cybersecurity standards. By 2027, all federal IoT providers must use it to certify device security.
Allowing researchers access to real-world cyber data supports innovation in threat detection and defense strategies, helping to build a broader ecosystem of cybersecurity expertise beyond government agencies.