Government
,
Industry Specific
Experts Say Biden’s Cyber, Tech and AI Legacy Faces Uncertain Future Under Trump

A month before President Joe Biden took office, the U.S. government warned that Russian state-sponsored hackers had breached SolarWinds in an unprecedented cyberattack on American networks. The attack affected the Fortune 500 companies, U.S. government agencies and hospitals that installed the malicious software update, allowing the backdoor to spread unnoticed.
See Also: State combines On-Prem and Multi-Cloud Data for Comprehensive Security
The new president ordered a comprehensive investigation and pledged to hold Russia accountable. A series of sanctions and law enforcement actions unfolded during his first months in office, including an executive order on improving the nation’s cybersecurity.
Four years later, Biden leaves the White House as he entered – confronting major cyberattacks, now largely tied to Beijing, with an executive order targeting rising threats (see: Final Biden Cybersecurity EO Uses Federal Purchasing Power). Biden’s cyber and technology legacy now largely hinges on President-elect Donald Trump and which of the initiatives and last-minute policies he chooses to uphold.
Biden’s cyber agenda sought to shift security responsibilities from end users to software developers and those best placed to tackle growing threats with the help of improved public-private information sharing. The president spearheaded government-wide modernization and efficiency initiatives with digital-first, cloud-first and AI-led approaches.
While the Biden administration made progress on key cybersecurity challenges, the results have been mixed, with a vision for improvement often not backed by implementation, said Jordan Burris, general manager of the public sector at Socure and former chief of staff to the U.S. CIO.
“Many of the Biden administration’s initiatives lacked the structural and bipartisan buy-in necessary for long-term durability,” Burris told Information Security Media Group. Federal efforts around zero-trust adoption and critical infrastructure protection hinge on sustained funding and collaboration, which could falter under a new administration.
“Last minute executive orders serve as more of a messaging document rather than a practical approach to implementation,” he said.
As Biden shaped U.S. tech policy over the last four years, the European Union enhanced its own product liability directives to hold software providers liable for any harm caused by vulnerabilities in their products, regardless of fault, across the supply chain – including open source – potentially transforming the global software market to encourage stronger cybersecurity. CISA waffled on transparency and liability, with little progress made on even basic transparency efforts such as software bills of materials, according to Jeff Williams, co-founder and CTO of Contrast Security.
“While cybersecurity is often a bipartisan issue, the influence of the technology industry on the new administration is likely to create significant pushback on any policies that are perceived burdens and legal exposure to industry,” Williams said. “I suspect that any initiatives that directly affect technology implementation, such as ‘secure by design’ and ‘zero trust’ initiatives, are likely to be significantly weakened in the new administration.”
The president’s push to modernize federal systems and boost government efficiency may be hindered by what some analysts see as a reactive stance toward the major cyberattacks that have defined his tenure. Current and former federal officials who helped draft Biden’s final cybersecurity order said many of its provisions should have been enacted long before his final days in office (see: Final Biden Cybersecurity Order Will Face Political Hurdles).
Instead of adopting an aggressive attack-back approach, Biden focused primarily on enforcing sanctions in response to the surge of ransomware attacks targeting U.S. hospitals, financial institutions, and government systems. His final cyber executive order included a significant expansion of sanction authorities to enforce penalties against anyone complicit in ransomware operations or cyberattacks targeting U.S. systems and critical infrastructure (see: Biden Boosts Sanctions Powers to Target Cyber Underground).
The incoming administration’s cyber strategy could sharply break from Biden’s, as experts warn of escalating global threats under a second Trump presidency. Security researchers say Trump’s return may embolden the Kremlin to intensify cyberattacks on Moldova and other pro-European nations. Regional groups in the Middle East are ramping up DDoS attacks on Israeli allies and Iran is covertly targeting Western infrastructure to deter support for Israel (see: How Global Threat Actors May Respond to a Second Trump Term).
China has also overtaken the U.S. in critical technology research, with experts calling it a “stunning shift” as Beijing cements its dominance after two decades of rapid investment. It remains to be seen whether the next administration will build on Biden’s cyber strategy in the face of these challenges or dismantle it entirely, rolling back key initiatives and reshaping the nation’s approach to digital security.