Trump Administration Shifts Cybersecurity Responsibilities to States

​In March 2025, President Donald Trump signed an executive order titled “Achieving Efficiency Through State and Local Preparedness,” which significantly shifts cybersecurity responsibilities from the federal government to state and local authorities. This policy change has sparked widespread concern among cybersecurity experts and state officials.​Yahoo+6Inside Government Contracts+6The White House+6

Key Elements of the Executive Order

• Decentralization of Cybersecurity Duties: The executive order mandates that state and local governments take a more active role in preparing for and responding to cyber threats, including attacks on critical infrastructure and election systems .​
• Development of a National Resilience Strategy: Within 90 days, the Assistant to the President for National Security Affairs is tasked with creating a National Resilience Strategy, aiming to modernize and simplify federal approaches to infrastructure and preparedness policies .​Government Executive+4Inside Government Contracts+4BankInfoSecurity+4
• Establishment of a National Risk Register: The order calls for the creation of a National Risk Register to track risks to national infrastructure and prioritize focus and spending .​Inside Government Contracts+1The Trump Administration: First 100 Days+1

Concerns and Criticisms

• Lack of Preparedness Among States: A 2023 Nationwide Cybersecurity Review revealed that only 22 out of 48 participating states met the recommended levels of cybersecurity preparedness. Experts argue that many states lack the resources and expertise to handle sophisticated cyber threats independently .​Michigan Advance
• Reduction in Federal Support: The executive order coincides with cuts to federal cybersecurity programs, including grants and support from agencies like the Cybersecurity and Infrastructure Security Agency (CISA). This reduction in support raises concerns about states’ abilities to manage cybersecurity threats effectively .​
• Expert Opinions: Samir Jain, Vice President of Policy at the Center for Democracy & Technology, stated, “The notion that the federal government could just withdraw and expect states and localities to step in is just not realistic” .​Michigan Advance

Implications

The shift in cybersecurity responsibilities may lead to inconsistencies in how states handle cyber threats, potentially creating vulnerabilities in national security. The move also raises questions about the federal government’s role in supporting states and ensuring a cohesive national cybersecurity strategy.​

For more detailed information, you can refer to the full executive order and related analyses:​BankInfoSecurity+2The Trump Administration: First 100 Days+2CyberScoop+2

• White House Fact Sheet on the Executive Order
• Michigan Advance Article on State Preparedness
• CyberScoop Analysis of the Executive Order