All
Cyber Security
news items
Cybersecurity, rules, United States
2 min

How does the U.S. government deal with cybersecurity

Developments in the USA can also be expected in the Netherlands in a few years. This has been true for technology for some time, but it also applies to laws and regulations. What are the developments in the US, and what can we learn from them?
Published on:
24/2/25

Developments in the USA can also be expected in the Netherlands in a few years. This has been true for technology for some time, but it also applies to laws and regulations. There is currently a lot going on in Europe, such as NIS2 (Cyberbeveiligingswet), DORA, Cyber Resiliency Act and the AI Act. But what are the developments in the US, and what can we learn from them?

One of former President Biden's last activities was a presidential decision (executive order) to enhance cybersecurity and stimulate innovation in this regard. It is unclear what the Trump administration will do with this decision, but the content is interesting.

I noticed a number of things when reviewing this decision with regard to Dutch and EU legislation:

  • Directly naming the attacker /enemy. China is clearly identified as the main (digital) enemy against which the United States must defend itself;
  • Speed: in many parts, the decision includes an adjustment of procedures, standards or an adjustment of government procurement programs in the short term (from 30 to 150 days). Now, with a presidential decision, this is easier than a new law, but decision-making still shows the urgency; making improvements quickly is the motto;
  • Concrete and new cybersecurity measures. Focus on new developments and technologies, such as Zero Trust, move to TLS 1.3 as soon as possible and support for post quantum cryptography;
  • Promoting Innovation: the government promotes innovation in cyber security by allowing government organizations to participate in pilots and making datasets available themselves. For example, pilots are organized for “Rules as Code”, and for “Phishing resistant authentication - WebAuthn
  • Space: cyber security of space technology is mentioned on several points;
  • IoT: IoT devices must have a ”Cyber Trust Mark“ (by January 4, 2027), this is a similar rule to CE mark from EU's Cyber Resiliency Act (CRA). CE is a general label for compliancy with EU rules (including cybersecurity). Moreover, it is almost identical to the Chinese Export logo. Cyber Trust Mark, is a better description for what it is intended for;
  • A.I: and lastly, specific attention to Artificial Intelligence. Both the securing of AI (such as the use of known cyber security measures for AI systems) are described, but also the use of AI in cyber defense.

News letter
Receive a short update on digital reslience 1x per month
Read our privacy policy.
Bedankt voor uw inschrijving!
Oops! er ging iets mis bij het versturen.
All news items

Contact us

Do you have any questions? We are happy to assist you and will contact you soon.
Bedankt, uw bericht is ontvangen!
Oeps, er is iets mis gegaan. Probeer het a.u.b. nog een keer.