White House Puts Spotlight on Shared Responsibility: Cybersecurity and Infrastructure Preparedness to Include States, Local Governments, and Individuals

The White House has issued a new executive order, Achieving Efficiency Through State and Local Preparedness, which promotes a shared responsibility for disaster preparedness across state, local, and individual efforts with federal support, and it highlights cyberattacks as a risk requiring preparation and resilience.

The order calls for “commonsense approaches and investments by state and local governments,” emphasizing risk-informed strategies that build resilience in critical systems.  Cybersecurity is highlighted as a key concern, and the order underscores the importance of collaborative efforts—across federal, state, local, and individual levels—to strengthen cybersecurity infrastructure and preparedness. As stated in the executive order, “Federal policy must rightly recognize that preparedness is most effectively owned and managed at the State, local, and even individual levels, supported by a competent, accessible, and efficient Federal Government.”

The order mandates the creation of a “National Risk Register”— a comprehensive assessment of the most critical risks, both natural and man-made, facing U.S. infrastructure. As cyberattacks are one of the most significant threats to national security, this initiative is expected to help states and businesses make risk-informed decisions, potentially leading to greater investment in cyber defenses. 

“The ball is now in our court,” said Lee Kim, Senior Principal Cybersecurity and Privacy, HIMSS. “We have power, so we must be responsible and proactive stewards of our technology and data. We need to not only protect the data but also leverage the data to ensure the best possible patient outcomes in the age of artificial intelligence and an ever-changing threat landscape — including both physical and virtual threats,” Lee Kim, Senior Principal of Privacy and Security, HIMSS.

The executive order also calls for revising and streamlining federal security frameworks and preparedness operations to reduce complexity. By revising federal frameworks, the administration seeks to improve communication between federal, state and local governments and officials.

For businesses, particularly those in healthcare and critical infrastructure, this strategy means working more closely with state and local governments to align security strategies. State- and local-led initiatives are expected to play a greater role in protecting personal data, preventing fraud, strengthening cybersecurity posture, and improving response and resilience.