The order prioritizes extensive policy reviews, the introduction of a National Resilience Strategy and National Risk Register, and increased reliance on state and local governments to strengthen national infrastructure.
On March 18, 2025, President Trump issued an executive order titled “Achieving Efficiency Through State and Local Preparedness” (the Order). This Order encourages state and local governments, along with individual citizens, to invest in preparing for and mitigating against various risks to the national infrastructure, such as cyberattacks, weather events, and other hazards.
The first executive order to directly touch on cybersecurity, the Order is one of many recent directives focused on promoting administrative efficiency (for our latest roundup, see our blog post Week 9 in Review). The Order also adds to the growing list of executive orders and White House actions aimed at enhancing national security, as previewed in the “America First Investment Policy” memorandum, which we cover here.
While emphasizing that state and local governments and individuals should “play a more active and significant role in national resilience and preparedness,” much of the Order outlines steps the federal government must take in the coming months to streamline preparedness operations and develop national policies, as summarized below.
National Resilience Strategy
The Order instructs the Assistant to the President for National Security Affairs (APNSA), who serves as the principal adviser to the president on national security issues, to publish a National Resilience Strategy within 90 days of the Order.
While the Order does not dictate the required contents of the National Resilience Strategy, the strategy is intended to articulate the priorities, means, and ways to advance the resilience of the nation, and is likely meant to serve as a replacement to the Biden administration’s National Resilience Strategy, which was issued on January 18, 2025. Following a mandated review of all national preparedness and response policies, the APNSA must implement the National Resilience Strategy within 240 days of the Order.
Critical Infrastructure Policy
The Order directs the APNSA to coordinate a review of all critical infrastructure policies, with the goal of moving away from an all-hazards approach to a risk-informed approach. The Order explicitly exempts from review any policy falling under President Trump’s executive order “Restoring Freedom of Speech and Ending Federal Censorship,” under which those policies will be separately reviewed.
Continuity Policy
Within 180 days of the Order, the APNSA must coordinate a review of all national continuity policies, including those specified in previous administrations’ executive orders “Assignment of National Security and Emergency Preparedness Communications Functions” and “Governance and Integration of Federal Mission Resilience” as well as the National Security Memorandum 32 of January 19, 2025 (National Continuity Policy).
National Risk Register
Within 240 days of the Order, the APNSA must coordinate the development of a National Risk Register. While the United States does not currently have a single register that acts as a national risk assessment and management tool, several federal agencies have existing tools for categorizing significant potential risks. These include the Federal Emergency Management Agency’s National Risk Index, which identifies the US communities most at risk for natural disasters, and the National Risk Management Center of the Cybersecurity and Infrastructure Security Agency (CISA), which is aimed at identifying and mitigating risks to the American cyber and physical infrastructure. It is unclear whether the Trump administration will seek to consolidate or replace these or similar risk assessment tools with the planned National Risk Register.
Federal National Functions
In the spirit of reducing bureaucratic inefficiencies and waste along with promoting improved communications with state and local governments, the Order directs the Secretary of Homeland Security to propose changes to several policies related to national preparedness, including those governing the National Essential Functions, Primary Mission Essential Functions, National Critical Functions, Emergency Support Functions, Recovery Support Functions, and Community Lifelines. The Secretary must submit this proposal within one year of the Order.
Key Takeaways
Although the Order does not directly alter the federal government’s approach to preparing for and responding to critical infrastructure risks like cyberattacks, the emphasis on state and local government preparedness suggests that these entities may need to fill gaps left by potential reductions in national government funding and support for emergencies. This action is in line with CISA’s recent cuts to federal funding to an information-sharing center focused on cybersecurity, which has historically provided critical services to state and local governments such as threat advisories, dark-web scanning, malware analysis, discounted endpoint detection, and other important services that the federal government does not provide.
As these significant policy changes unfold, we will continue to closely monitor developments and assess their implications.