The President of the United States has issued an order amending Executive Orders 13694 and 14144 to enhance the nation's cybersecurity. The amendments are made under the authority vested in the President by various U.S. laws, including the International Emergency Economic Powers Act and the National Emergencies Act.
Executive Order 14144, initially signed on January 16, 2025, is modified to address ongoing cyber threats from foreign nations and criminals. The People's Republic of China is identified as a significant threat, alongside Russia, Iran, North Korea, and others. The order emphasizes improving national cybersecurity to protect critical services and infrastructure.
Key amendments include changes to sections related to secure software development practices and updates to security guidelines. By August 1, 2025, a consortium will be established at the National Cybersecurity Center of Excellence to develop guidance on secure software practices based on NIST Special Publication 800–218.
Further modifications involve preparations for transitioning to post-quantum cryptography (PQC). By December 1, 2025, relevant agencies are directed to release lists of products supporting PQC and issue requirements for adopting Transport Layer Security protocol version 1.3 or its successor by January 2, 2030.
The order also highlights promoting security with artificial intelligence (AI) by ensuring datasets for cyber defense research are accessible by November 1, 2025. Additionally, policies must align investments and priorities within three years to improve network visibility and security controls.
Executive Order 13694 is amended by specifying that actions apply only to "foreign persons" rather than "any person." This change aligns with previous executive orders addressing malicious cyber-enabled activities.
The general provisions state that nothing in this order should impair existing legal authorities or create enforceable rights against the United States or its entities.
The costs associated with publishing this order will be covered by the Department of Homeland Security.
"By December 1, 2025," said the Secretary of Commerce through NIST's Director regarding secure software development frameworks updates.
"The People's Republic of China presents the most active and persistent cyber threat," according to section amendments in Executive Order policy statements.