U.S. President Donald Trump issued an Executive Order to enhance the ability of states, local governments, and citizens to prepare more effectively for cyber-attacks and severe weather events. The Order launched a National Resilience Strategy that articulates the priorities, means, and ways to advance the resilience of the nation, while simplifying federal preparedness and response policies, allowing state and local authorities to comprehend better, plan for, and meet the needs of their communities.
“Citizens are the immediate beneficiaries of sound local decisions and investments designed to address risks, including cyber attacks, wildfires, hurricanes, and space weather. When States are empowered to make smart infrastructure choices, taxpayers benefit,” Trump wrote in his Wednesday presidential action. “This order empowers State, local, and individual preparedness and injects common sense into infrastructure prioritization and strategic investments through risk-informed decisions that make our infrastructure, communities, and economy resilient to global and dynamic threats and hazards.”
Trump also called for a review of several initiatives from former President Joe Biden’s administration, suggesting that these policies should be evaluated and modified as needed. These include the National Security Memorandum 16 of November 10, 2022, focused on ‘Strengthening the Security and Resilience of United States Food and Agriculture’; National Security Memorandum 22 of April 30, 2024, covering ‘Critical Infrastructure Security and Resilience’; Executive Order 14017 of February 24, 2021, dealing with America’s Supply Chains; and Executive Order 14123 of June 14, 2024 addressing ‘White House Council on Supply Chain Resilience.’
The Executive Order also launched a National Resilience Strategy that articulates the priorities, means, and ways to advance the resilience of the nation. It calls for a review of all infrastructure, continuity, and preparedness policies to modernize and simplify federal approaches, aligning them with the National Resilience Strategy. This includes shifting national critical infrastructure policy from an ‘all-hazards’ approach to a risk-informed approach, prioritizing resilience and action over mere information sharing; overhauling national continuity policy to modernize its framework, streamline operations, and right-size the federal footprint for sustained readiness, and evaluating national preparedness policies to reformulate the process and metrics for federal responsibility.
Additionally, the Order creates a National Risk Register to identify, describe, and measure risks to our national infrastructure, related systems, and their users to guide smarter spending and planning. It also streamlines federal functions so states and communities can work with Washington more easily and effectively.
Trump prescribed that within 90 days of the date of this order, the Assistant to the President for National Security Affairs (APNSA), in coordination with the Assistant to the President for Economic Policy and the heads of relevant executive departments and agencies (agencies), shall publish a National Resilience Strategy that articulates the priorities, means, and ways to advance the resilience of the nation. The National Resilience Strategy shall be reviewed and revised at least every four years, or as appropriate.
He also outlined that within 180 days of the date of this order, the APNSA, in coordination with the Director of the Office of Science and Technology Policy and the heads of relevant agencies, shall review all critical infrastructure policies and recommend to the President the revisions, recissions, and replacements necessary to achieve a more resilient posture; shift from an all-hazards approach to a risk-informed approach; move beyond information sharing to action; and implement the National Resilience Strategy.
The president detailed that for purposes of this order, “critical infrastructure policies do not include any policies related to purported ‘misinformation,’ ‘disinformation,’ or ‘malinformation,’ nor so-called ‘cognitive infrastructure,’ which should be reevaluated consistent with the policy set forth in Executive Order 14149 of January 20, 2025 (Restoring Freedom of Speech and Ending Federal Censorship), through a separate process.”
Trump also outlined that within 180 days of the date of this order, the APNSA, in coordination with the heads of relevant agencies, shall review all national continuity policies and recommend to the President the revisions, recissions, and replacements necessary to modernize and streamline the approach to national continuity capabilities, reformulate the methodology and architecture necessary to achieve an enduring readiness posture and implement the National Resilience Strategy.
The president also said that within 240 days of the date of this order, the APNSA, in coordination with the heads of relevant agencies and informed by the reports and findings of the Federal Emergency Management Agency Council established under Executive Order 14180 of January 24, 2025 (Council to Assess the Federal Emergency Management Agency), shall review all national preparedness and response policies and recommend to the President the revisions, recissions, and replacements necessary to reformulate the process and metrics for Federal responsibility, move away from an all-hazards approach, and implement the National Resilience Strategy.
The Executive Order said that within 240 days of the date of this order, the APNSA, in coordination with the director of the Office of Management and Budget (OMB) and the heads of relevant agencies, shall coordinate the development of a National Risk Register that identifies, articulates, and quantifies natural and malign risks to the country’s national infrastructure, related systems, and their users.
It noted that the quantification produced by the National Risk Register shall be used to inform the Intelligence Community, private sector investments, State investments, and Federal budget priorities. Like the National Resilience Strategy, the National Risk Register shall be reviewed and revised at least every four years, or as appropriate, to evolve with the dynamic risk landscape.
The Executive Order observed that the federal government organizes national preparedness and continuity through the bureaucratic and complicated lens of overlapping and overbroad ‘functions,’ which include the National Essential Functions, Primary Mission Essential Functions, National Critical Functions, Emergency Support Functions, Recovery Support Functions, and Community Lifelines.
It laid down that “Within 1 year of the date of this order, the Secretary of Homeland Security shall propose changes to the policies outlining this framework and any implementing documents to ensure State and local governments and individuals have improved communications with Federal officials and a better understanding of the Federal role.”
It noted that this proposal shall be coordinated through the process established by National Security Presidential Memorandum 1 of Jan. 20, 2025 (Organization of the National Security Council and Subcommittees), or any successor processes, before being submitted to Trump through the APNSA.
Since taking office, President Trump’s cybersecurity stance has been marked by leadership changes and policy shifts as he shapes his administration’s cybersecurity agenda. Kristi Noem was confirmed as Secretary of Homeland Security in a bipartisan vote that underscored a renewed emphasis on securing the nation’s digital infrastructure, while Trump nominated Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency (CISA), signaling a focus on strengthening cyber defenses amid escalating threats.
Meanwhile, the Office of Management and Budget (OMB) retracted a federal funding freeze memo following a court injunction, easing uncertainty for critical cybersecurity programs. The Trump administration also dismantled the Cyber Safety Review Board (CSRB), raising concerns about the future of cybersecurity oversight and accountability.
