The Business Software Alliance (BSA) identified a series of available executive actions the Trump Administration can take to improve cybersecurity at the outset of the new Administration.
Cybersecurity policy that seeks to unleash innovation and spur widespread adoption of technology can lead to a more secure digital ecosystem and allow businesses to focus on meaningful and effective cybersecurity risk management rather than box-checking compliance exercises.
To further bolster American competitiveness and security, the Administration should:
-
- Withdraw the US Securities and Exchange Commission cybersecurity incident reporting rule
- The SEC rule requiring that companies report material cyber incidents within four days of material determination on Form 8-K requires registrants to possibly report incomplete information at the outset of an incident. Disclosure and transparency are important — and public companies are and should be required to report material information — but requirements should not increase the likelihood that businesses report incomplete or misleading information or risk further exacerbating an incident.
- End the use of quasi-regulatory actions in cybersecurity
- Requirements like the Secure Software Development Attestation Form introduced during the previous Administration produce new requirements for American citizens and businesses without needed rulemaking processes. Ending these practices increases transparency and accountability to the American people.
- Harmonize existing and future cybersecurity regulations
- The Trump Administration should require US government agencies to map each existing and new cybersecurity regulation to internationally recognized standards or National Institute of Standards and Technology (NIST) standards or guidelines. The White House should further review existing and forthcoming cybersecurity regulations to make sure they are harmonized across the US government and implement mutual recognition processes between agencies.
- Define and publish the roles and responsibilities of the National Security Council (NSC) and Office of the National Cyber Director (ONCD)
- The Trump Administration should define the roles and responsibilities of the NSC and ONCD and publish them to provide clarity to the public. Having clear roles for both entities help to improve coordination and reduce duplicative US government work on cybersecurity.
- Advance use of artificial intelligence (AI) for cybersecurity
- The Trump Administration should issue a memorandum encouraging agencies to use AI to improve cybersecurity and protect the American people. Business-to-business technology companies are increasing investments in AI for cybersecurity, which can help government agencies serve citizens efficiently, effectively, and securely.
- Modernize government IT
- The Trump Administration should act swiftly to upgrade outdated IT to increase both the efficiency and the security of the US government. This should include withdrawing cybersecurity-related regulations that impede procurement without commensurate cybersecurity benefits. US government IT procurement should be forward-looking, agile, and harmonized across agencies.
- Withdraw the US Securities and Exchange Commission cybersecurity incident reporting rule
Read more in BSA’s 2025 Cybersecurity Legislative Agenda here.
