The Trump administration has moved swiftly to issue numerous executive orders in its first several weeks, but one critical topic remains absent: cybersecurity.

While the Department of Government Efficiency has been tasked with “modernizing federal technology and software to maximize government efficiency and productivity,” little direction has been provided on cybersecurity priorities. Without clear federal cyber guidance, agencies and industry partners are left without a roadmap, potentially increasing their vulnerability to evolving threats and creating uncertainty around strategies and budgets.

The Current Threats Agencies Face

Cyber threats are growing and becoming more sophisticated. A recent study found that 88 percent of organizations experienced one or more ransomware attacks in the past three to 12 months. Agencies are not isolated from such attacks. According to a recent hearing from the House Committee on Homeland Security, federal agencies were the third-most targeted sector for ransomware attacks in 2023.

The current administration itself was a target of a cyber incident during their campaign. To keep pace with adversaries, agencies must have guidance in place now, not tomorrow and certainly not a year or two.

The administration has demonstrated their ability to drive change rapidly – since Jan. 20 they have taken a blowtorch to the slow, glacial pace of how government typically operates. That same sense of urgency must be applied to cybersecurity.

Simultaneously, as the administration focuses on efficiency, it’s important they foster an environment that allows agencies to work efficiently on their cybersecurity strategies. Without clear guidance, agencies risk misallocating resources, pursuing misaligned objectives, or even taking a “wait and see” approach. The administration needs to provide clarity on existing cybersecurity directives: Should agencies continue current initiatives, expect modifications, or prepare for an entirely new security framework?

Consequently, the Trump administration has taken cybersecurity seriously in the past. The first Trump administration published EO13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, which outlined ways to reduce national cybersecurity risk and modernize federal IT infrastructure. This order was carried through the Biden administration and played a role in shaping agencies cybersecurity strategies. The question remains: Does the Trump administration have different cybersecurity priorities for its second term?

The Budgetary Impact

The lack of cybersecurity guidance also has direct budgetary implications. Federal cybersecurity funding has long been inconsistent, with agencies struggling to secure dedicated resources for modernization. Without a clear direction from the administration, agencies may delay cybersecurity investments, leading to additional inefficiencies and increased threat exposure. There's also the risk of wasteful spending, as agencies might invest in solutions that later require replacement to comply with new directives. Long-term budget planning becomes particularly challenging without understanding strategic priorities.

Furthermore, cyber is absent in the Senate budget framework – leaving agencies in the dark and potentially creating a ripple effect across both government and industry.

Navigating the Uncertainty

Industry partners and contractors are also experiencing challenges. Some contractors have already experienced disruptions through contract terminations and stop work orders. Should the administration implement guidance that significantly diverges from previous directives, contractors may face additional delays due to shifting priorities.

However, there are still steps that agencies, industry partners, and contractors can take to mitigate cyber risks. At a time where tensions are high, and resources limited, continuing with cyber hygiene basics is more important than ever.