On June 6, 2025, President Trump issued an Executive Order (“Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144”) (the “Order”) that modifies certain initiatives in prior Executive Orders issued by Presidents Obama and Biden and highlights key cybersecurity priorities for
Continue Reading White House Issues New Cybersecurity Executive Order
Ryan Burnette
Ryan Burnette is a government contracts and technology-focused lawyer that advises on federal contracting compliance requirements and on government and internal investigations that stem from these obligations. Ryan has particular experience with defense and intelligence contracting, as well as with cybersecurity, supply chain, artificial intelligence, and software development requirements.
Ryan also advises on Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) compliance, public policy matters, agency disputes, and government cost accounting, drawing on his prior experience in providing overall direction for the federal contracting system to offer insight on the practical implications of regulations. He has assisted industry clients with the resolution of complex civil and criminal investigations by the Department of Justice, and he regularly speaks and writes on government contracts, cybersecurity, national security, and emerging technology topics.
Ryan is especially experienced with:
Government cybersecurity standards, including the Federal Risk and Authorization Management Program (FedRAMP); DFARS 252.204-7012, DFARS 252.204-7020, and other agency cybersecurity requirements; National Institute of Standards and Technology (NIST) publications, such as NIST SP 800-171; and the Cybersecurity Maturity Model Certification (CMMC) program.
Software and artificial intelligence (AI) requirements, including federal secure software development frameworks and software security attestations; software bill of materials requirements; and current and forthcoming AI data disclosure, validation, and configuration requirements, including unique requirements that are applicable to the use of large language models (LLMs) and dual use foundation models.
Supply chain requirements, including Section 889 of the FY19 National Defense Authorization Act; restrictions on covered semiconductors and printed circuit boards; Information and Communications Technology and Services (ICTS) restrictions; and federal exclusionary authorities, such as matters relating to the Federal Acquisition Security Council (FASC).
Information handling, marking, and dissemination requirements, including those relating to Covered Defense Information (CDI) and Controlled Unclassified Information (CUI).
Federal Cost Accounting Standards and FAR Part 31 allocation and reimbursement requirements.
Prior to joining Covington, Ryan served in the Office of Federal Procurement Policy in the Executive Office of the President, where he focused on the development and implementation of government-wide contracting regulations and administrative actions affecting more than $400 billion dollars’ worth of goods and services each year. While in government, Ryan helped develop several contracting-related Executive Orders, and worked with White House and agency officials on regulatory and policy matters affecting contractor disclosure and agency responsibility determinations, labor and employment issues, IT contracting, commercial item acquisitions, performance contracting, schedule contracting and interagency acquisitions, competition requirements, and suspension and debarment, among others. Additionally, Ryan was selected to serve on a core team that led reform of security processes affecting federal background investigations for cleared federal employees and contractors in the wake of significant issues affecting the program. These efforts resulted in the establishment of a semi-autonomous U.S. Government agency to conduct and manage background investigations.
CISA Releases AI Data Security Guidance
On May 22, 2025, the Cybersecurity and Infrastructure Security Agency (“CISA”), which sits within the Department of Homeland Security (“DHS”) released guidance for AI system operators regarding managing data security risks. The associated press release explains that the guidance provides “best practices for system operators to mitigate cyber risks through…
Continue Reading CISA Releases AI Data Security GuidanceApril 2025 Cybersecurity Developments Under the Trump Administration
This is the third blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration. This blog describes key cybersecurity developments that took place in April 2025.
NIST Publishes Initial Draft of Guidance for High Performance Computing Systems
U.S. National…
Continue Reading April 2025 Cybersecurity Developments Under the Trump AdministrationApril 2025 AI Developments Under the Trump Administration
This is part of an ongoing series of Covington blogs on the AI policies, executive orders, and other actions of the Trump Administration. This blog describes AI actions taken by the Trump Administration in April 2025, and prior articles in this series are available here.
White House OMB Issues…
Continue Reading April 2025 AI Developments Under the Trump AdministrationROUTERS Act on the Horizon: U.S. House Passes New Legislation
Last Monday, April 28, 2025, the House passed a bill titled Removing Our Unsecure Technologies to Ensure Reliability and Security (“ROUTERS”) Act (H.R. 866), which directs the Secretary of Commerce to study national security risks and cybersecurity vulnerabilities “posed by consumer routers, modems, and devices that combine a modem and router, that are designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the influence of a covered country.” Similar to some other recent supply chain requirements imposed on federal contractors, the bill defines “covered countries” by reference to 10 U.S.C. 4872, which prohibits the acquisition of sensitive materials from North Korea, Russia, Iran, and China.Continue Reading ROUTERS Act on the Horizon: U.S. House Passes New Legislation
March 2025 Cybersecurity Developments Under the Trump Administration
This is the second blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration. This blog describes key cybersecurity developments that took place in March 2025.
Trump Administration Executive Order on Achieving Efficiency
On March 19, 2025, the Trump…
Continue Reading March 2025 Cybersecurity Developments Under the Trump AdministrationMarch 2025 AI Developments Under the Trump Administration
This is part of an ongoing series of Covington blogs on the AI policies, executive orders, and other actions of the Trump Administration. This blog describes AI actions taken by the Trump Administration in March 2025, and prior articles in this series are available here.
White House Receives Public…
Continue Reading March 2025 AI Developments Under the Trump AdministrationOMB Issues First Trump 2.0-Era Requirements for AI Use and Procurement by Federal Agencies
On April 3, the White House Office of Management and Budget (“OMB”) released two memoranda with AI guidance and requirements for federal agencies, Memorandum M-25-21 on Accelerating Federal Use of AI through Innovation, Governance, and Public Trust (“OMB AI Use Memo“) and Memorandum M-25-22 on Driving Efficient Acquisition of Artificial…
Continue Reading OMB Issues First Trump 2.0-Era Requirements for AI Use and Procurement by Federal AgenciesFebruary 2025 AI Developments Under the Trump Administration
This is part of an ongoing series of Covington blogs on the AI policies, executive orders, and other actions of the Trump Administration. The first blog summarized key actions taken in the first weeks of the Trump Administration, including the revocation of President Biden’s 2023 Executive Order 14110 on the “Safe, Secure, and Trustworthy Development and Use of AI” and the release of President Trump’s Executive Order 14179 on “Removing Barriers to American Leadership in Artificial Intelligence” (“AI EO”). This blog describes actions on AI taken by the Trump Administration in February 2025.Continue Reading February 2025 AI Developments Under the Trump Administration
January and February 2025 Cybersecurity Developments Under the Biden and Trump Administrations
This is the first in a new series of Covington blogs on cybersecurity policies, executive orders, and other actions of the new Trump Administration. This blog describes key cybersecurity developments that took place in January and February 2025. Below, we outline three developments affecting cybersecurity in January and February 2025, including one from the Biden Administration, which has not been rescinded.
Biden Administration Issues Second Cybersecurity Executive Order
On January 16, in one of the final acts of the Biden Administration, the White House issued Executive Order (”EO”) 14144 on “Strengthening and Promoting Innovation in the Nation’s Cybersecurity.” EO 14144 expands on the National Cybersecurity Strategy and EO 14028, Improving the Nation’s Cybersecurity, which we first previously wrote about here. This new EO requires a range of additional security enhancements to U.S. government and supporting digital infrastructure, including improving accountability for software and cloud service providers, strengthening the security of Federal communications and identity management systems, and promoting innovative developments and use of emerging technologies for cybersecurity across agencies and with the private sector. Continue Reading January and February 2025 Cybersecurity Developments Under the Biden and Trump Administrations