NEWS, SPORTS, COMMENTARY, POLITICS for Gloucester City and the Surrounding Areas of South Jersey and Philadelphia

Daniel J. Sullivan, III, 68, of Clayton
Philadelphia Police Investigating Arson / Homicide Investigation

AI and Encryption Safeguards Scrapped as Trump Dismantles Federal Cyber Policy

Screenshot 2025-06-15 080116

The executive order signed recently strips out key pieces of a national tech directive issued just days before Biden left office, halting instructions that would have expanded agency control over software supply tracking, digital identity frameworks, and AI system accountability.

While some post-quantum standards remain intact, most of the operational requirements tied to data verification and risk modeling have been cut, triggering confusion inside departments already preparing for compliance audits under the prior mandate.

For institutions midstream in upgrades, the sudden shift has forced a scramble, not only in technical planning but in how risk is communicated across networks that no longer follow the same federal direction.

The ripple effect is reaching sectors where system access and identity protection are foundational to day-to-day operations, especially in spaces where data exposure carries financial risk and user access has to remain uninterrupted, regardless of shifting regulations.

Security models used by casinos that allow VPN reflect the same logic, designed to insulate activity through encrypted channels without depending on external protocols to stay functional. Their approach assumes that federal alignment can change at any moment, so protection is handled directly within the system itself, treating privacy as a structural necessity in environments where oversight is unstable.

The executive order’s shift deeply unsettles internal agency plans, bringing changes that, at least on paper, promise to reorient federal cybersecurity toward targeted action.

Instead of sweeping mandates, the order pares back the Biden-era demands tied to software inventories and AI auditing, yet it retains narrow but significant elements, such as hardening defense protocols against foreign cyber threats under Executive Order 13694, and modifications to EO 14144 that keep post-quantum cryptography and secure software architecture in focus.

That recalibration places new pressure on the National Institute of Standards and Technology, which now has until August 1 to stand up an industry consortium building on its Secure Software Development Framework, and until September to update its landmark SP 800‑53 on deploying patches at scale.

Beyond that, the administration slowed—but did not stop—efforts to label IoT devices with a trusted mark and maintain digital trust. At the same time, the scope of sanctions under EO 13694 has been narrowed to “foreign persons,” drawing criticism from analysts warning this move could weaken the U.S. stance on hostile cyber campaigns.

On one front, many cloud and federal vendors remain in limbo. Firms awaiting CISA’s software attestations now face unclear deadlines, and the removal of mandates tied to the Federal Acquisition Regulation leaves their compliance engines idle.

Contracts built around digital ID systems for public services are now on indefinite hold, a change that cybersecurity attorneys say could reduce accountability in identity theft cases. Even as some AI-driven vulnerability tracking remains intact, broader implementation blueprints have been shelved, stalled within systems that resist intervention.

Gloucester’s own setups have already felt the shift. Several local departments had begun aligning upgrades with the previous federal requirements, and now find themselves stuck between half-implemented tools and no clear replacement plan.

As those adjustments stall, defensive measures are being recast as voluntary incentives. Agencies still have to submit a list of products equipped with post‑quantum cryptography and lay out how internet routing protections will be upgraded by December. Federal News Network reports that CISA is now encouraging procurement teams to embed quantum-safe standards into contracts, even as only a few have moved past pilot testing.

Industry analysts warn this voluntary shift may stall without clear deadlines: Trump’s order stops short of mandating adoption, easing budget scrutiny but also raising doubts over actual uptake.

CISA’s Post‑Quantum Cryptography Initiative, launched this summer, aims to guide offices through risk assessment, vendor surveys, and policy design—part of a broader pivot to “crypto‑agile” frameworks—but officials say the impact will depend on whether federal teams follow through.

For now, the framework exists more as a signal than a standard. In the absence of firm direction, federal cybersecurity drifts in uncertainty, with federal teams patching gaps, procurement cycles slowing, and places like Gloucester still waiting for clarity that has yet to arrive.

Comments