On January 16, 2025, President Joe Biden issued the “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity,” a comprehensive directive designed to address the growing complexity and sophistication of cyber threats targeting the United States. The Executive Order aims to establish a cohesive national strategy for improving cybersecurity across federal agencies, private businesses, and critical infrastructure sectors. The Executive Order governs a wide-array of critical issues, including new cybersecurity standards for federal contractors, enhanced public-private information sharing, the promotion of advanced technologies like quantum-resistant cryptography and artificial intelligence (AI), and the imposition of sanctions on foreign cyber actors. The Executive Order’s initiatives demonstrate a commitment to strengthening the nation’s cybersecurity defenses in a rapidly evolving digital landscape and incorporate approaches generally understood as best practices to enhance cybersecurity.
To further advance the initiatives outlined in the order, the Cybersecurity and Infrastructure Security Agency (CISA), a key federal entity responsible for coordinating national efforts to safeguard critical infrastructure, expanded on the directive with detailed implementation frameworks and additional guidance. CISA’s involvement underscores its crucial role in operationalizing the Executive Order and transforming its policy directives into actionable strategies. Through collaboration with industry leaders, technology innovators, and government stakeholders, CISA has addressed specific challenges, including adopting quantum-resistant cryptography, deploying artificial intelligence in cybersecurity defenses, and improving public-private information-sharing mechanisms. These efforts emphasize fostering innovation, enhancing resilience, and protecting the nation’s digital ecosystem from emerging threats. By building on the Executive Order, CISA seeks to bridge the gap between policy objectives and on-the-ground cybersecurity practices, ensuring that the nation’s cybersecurity posture evolves in tandem with the rapidly changing threat landscape.
The transition of the presidency to President Donald Trump on January 20, 2025, has led to questions about the future of the Biden Executive Order. Historically, President Trump has favored deregulation and, during his first term, had repealed several executive orders issued by previous administrations. The possibility of modification or repeal to the Executive Order is particularly significant for the manufacturing sector, which is both a critical component of the U.S. economy and a frequent target of cyberattacks.
The purpose of this guide is three-fold. First, it examines the key elements of the existing Executive Order. Next, it explores the potential modifications that the Trump administration may implement. Finally, it provides guidance tailored to manufacturing companies for navigating this evolving regulatory and threat environment, building on previous related resources published by Foley & Lardner and the Cybersecurity Manufacturing Innovation Institute (CyManII), which are referenced at the end of this alert.
Key Provisions of the Executive Order and their Impact on Manufacturing
Minimum Cybersecurity Standards for Federal Contractors
A central provision of the Executive Order mandates baseline cybersecurity measures for federal contractors. These include securing access to critical systems and data using Multi-factor authentication (MFA), incorporating endpoint detection and response (EDR) tools to monitor, detect, and respond to cybersecurity threats, and using encryption to protect sensitive data both during transit and at rest.
Manufacturers supplying goods or services to the federal government must adhere to these cybersecurity standards to maintain their eligibility for governmental contracts. For many companies, this may require substantial investments in upgrading systems, adopting new technologies, and training personnel. Non-compliance could lead to the loss of profitable federal contracts and potential reputational damage.
Enhanced Public-Private Information Sharing
The Executive Order directs federal agencies to enhance mechanisms for sharing threat intelligence with private-sector entities. This collaboration aims to provide timely and actionable insights to help businesses defend against emerging cyber threats.
This initiative benefits the manufacturing sector as it is a primary target for ransomware attacks and intellectual property theft. Access to real-time threat intelligence allows manufacturers to identify vulnerabilities, respond swiftly to incidents, and mitigate risks more effectively. A ransomware incident plan focused on manufacturing can be found here: Ransomware Playbook.
Transition to Quantum-Resistant Cryptography
The Executive Order highlights the urgent need to adopt quantum-resistant cryptographic algorithms to tackle the long-term threat arising from advancements in quantum computing. As manufacturing increasingly incorporates digital technologies and interconnected systems, safeguarding proprietary designs, supply chain data, and other sensitive information is essential to business. Early adoption of quantum-resistant encryption may provide a competitive advantage and safeguard critical assets against existing and future threats. Guidelines for approaching quantum-resistant cryptography are available from NIST and the first post-quantum encryption standards are found here.
Leveraging AI for Cybersecurity
The Executive Order promotes the use of AI-driven cybersecurity tools to identify and counter advanced cyber threats in real time. AI is potentially transformative for the manufacturing sector because it can automate threat detection and response strategies. AI is also a proven tool for minimizing operational disruptions, protecting intellectual property, and ensuring the integrity of production lines. The pilot programs outlined in the Executive Order could serve as a model for broader adoption across the industry. AI may significantly accelerate the detection and mitigation of cyber-attacks, an area under development by CyManII.
Sanctions on Foreign Cyber Actors
The Executive Order grants the federal government the authority to impose sanctions on individuals and entities responsible for cyberattacks targeting U.S. organizations. Sanctions serve as a deterrent against state-sponsored cyberattacks and industrial espionage. For manufacturers, this provision provides an extra layer of protection and highlights the government’s commitment to safeguarding critical industries.
Potential Changes Under the Trump Administration
Deregulation of Cybersecurity Standards
President Trump’s emphasis on minimizing regulatory burdens may result in a rollback of the cybersecurity requirements in the Executive Order. This could shift the responsibility for implementing robust cybersecurity measures from the federal government to individual companies.
Focus on Supply Chain Resiliency
Based on the criticality of U.S. manufacturing and its role in global competitiveness and economic stability, we anticipate President Trump will issue guidance on securing supply chain resiliency to enhance the productivity of U.S. manufacturers. We will monitor these anticipated changes and publish future alerts as applicable.
Reprioritization of Cybersecurity Initiatives
While the current Executive Order emphasizes quantum-resistant cryptography and AI, the Trump administration might focus first on immediate cybersecurity challenges and delay longer-term solutions that require significant investment.
Reduced Emphasis on Public-Private Collaboration
Changes to information-sharing initiatives could decrease government support for private-sector cybersecurity efforts, which may compel manufacturers to seek alternative sources of threat intelligence.
Selective Sanctions Enforcement
A more selective approach to sanctions could change the deterrent effect on foreign cyber actors, potentially raising the risk of targeted attacks on U.S. manufacturing companies.
Guidance for Manufacturing Companies
Given the uncertainty surrounding the future of the Executive Order, manufacturers must adopt a proactive approach to cybersecurity. Below are actionable steps to enhance resilience:
Strengthen Core Cybersecurity Measures
- Adopt Industry Best Practices: Ensure the deployment of MFA, EDR, and encryption on all critical systems.
- Secure Operational Technology (OT): Safeguard industrial control systems (ICS) and other OT components essential to manufacturing operations.
- Conduct Regular Assessments: Regular audits can help identify vulnerabilities and prioritize remediation efforts.
- Invest in Employee Training: Over 80% of ransomware and other cyber-attacks can be traced to the “human in the loop.” Thus, cybersecurity training is a solid investment to protect your company and its operations.
Monitor Regulatory Developments
- Stay Informed: Stay informed about updates to the Executive Order and other relevant cybersecurity policies.
- Engage Legal Counsel: Consult legal and compliance experts to assess the potential impact of policy changes on your business operations.
Invest in Advanced Cybersecurity Technologies
- Explore AI Solutions: Leverage AI tools for predicting threats, identifying anomalies, and automating incident responses.
- Transition to Quantum-Resistant Cryptography: Start planning cryptographic upgrades to protect sensitive data from emerging threats.
- Collaborate with Industry Peers: Participate in forums and consortia to exchange best practices and establish standardized cybersecurity protocols.
Secure the Supply Chain
- Evaluate Vendor Risks: Perform comprehensive cybersecurity assessments of suppliers and third-party partners.
- Develop Redundancy Plans: Identify critical supply chain dependencies and develop contingency plans to mitigate potential disruptions.
- Encrypt Communications: Safeguard data transfers throughout the supply chain to minimize the risk of interception.
Build Robust Incident Response Plans
- Establish Comprehensive Protocols: Develop incident response plans tailored to manufacturing-specific threats, such as ransomware attacks on production systems. An example of industry guidance and template is available in CyManII’s Ransomware Preparation Guide: Prevention, Mitigation, and Recovery for Manufacturers.
- Train Employees: Provide ongoing cybersecurity training to improve awareness and minimize human error.
- Test and Refine Plans: Perform regular simulations to assess the effectiveness of response strategies and implement necessary adjustments.
Final Thoughts
The “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity” highlights the urgent need for robust cybersecurity measures, particularly within the manufacturing sector, vital to national security, economic stability, and global competitiveness. This sector faces an increasing number of sophisticated threats, including ransomware attacks, vulnerabilities in the supply chain, and intellectual property theft. While the future of the Executive Order under the Trump administration is uncertain, manufacturers cannot afford to delay action. Cyber-attacks on manufacturers will continue to rise in volume and sophistication over the coming years. Proactive measures such as implementing advanced security technologies, strengthening supply chain defenses, and keeping abreast of regulatory changes are essential for mitigating risks and ensuring operational continuity.
Furthermore, adhering to strict cybersecurity standards allows manufacturers to secure federal contracts, establish trust with stakeholders, and gain a competitive edge in the market. As potential changes to the Executive Order could lead to a fragmented regulatory landscape—spanning federal, state, and international levels—manufacturers must prepare for diverse compliance requirements. By prioritizing cybersecurity, the manufacturing sector not only safeguards its critical assets and processes but also reinforces its vital role in driving economic growth and technological innovation.
About CyManII
Launched in 2020 by the U.S. Department of Energy, CyManII works across the manufacturing industry, research and academic institutions, and federal government agencies to develop technologies that enable the security and growth of the U.S. manufacturing sector.
Additional information on cybersecurity risks faced by manufacturers can be found in prior articles authored by Foley & Larder and CyManII, including:
Recommendations for Managing Cybersecurity Threats in the Manufacturing Sector
So, You Think of Cybersecurity Only as a Cost Center? Think Again.
CyManII also contributed to this article.