Trump EO on Preparedness and Resilience Could Signal Major Shifts in Federal Role

March 25, 2025

On March 19, 2025, the White House released Executive Order (EO) 14239, Achieving Efficiency Through State and Local Preparedness, which calls for a comprehensive review of and changes to many long-standing federal preparedness and infrastructure protection doctrines and policies. The EO prioritizes reallocating preparedness and resilience responsibilities to the state, local, and individual levels, stating that those stakeholders have a better understanding of the needs of citizens. Potential revisions to these policies could impact various critical infrastructure sectors – including communications, transportation, water, and energy, among others – through, for example, inclusion or removal from a new “risk register,” the “National Critical Functions” (NCF), designation as a “Systemically Important Entity” (SIE), or through changes to how federal, state, and local governments coordinate with a sector on preparedness and emergency response matters. The EO could result in a reformulation of the processes that are intended to prioritize how resources and engagement are used to make U.S. infrastructure, communities, and the economy more resilient.

Key Elements of the EO:

  • Policy Statement: The EO declares that the policy of the United States is to have “State and local governments and individuals play a more active and significant role in national resilience and preparedness.” It sets the goal of streamlined preparedness operations and reducing complexity in federal government policies. It also sets a goal of using “risk-informed decisions” to “make our infrastructure, communities, and economy resilient to global and dynamic threats and hazards,” while moving away from the current “all-hazards” approach.  
  • National Resilience Strategy: The Assistant to the President for National Security Affairs (National Security Advisor) and Assistant to the President for Economic Policy must publish a National Resilience Strategy within 90 days (by June 17, 2025) “that articulates the priorities, means, and ways to advance national resilience.”
  • Review of Critical Infrastructure Policies: The National Security Advisor and the head of the Office of Science and Technology Policy (OSTP) are responsible for reviewing “all critical infrastructure policies” within 180 days (by September 15, 2025) and revising those policies to transition from an “all-hazards” approach to a “risk-informed” approach.
    • Among the policies specified for review are: Homeland Security Presidential Directive 5 of February 28, 2003 (Management of Domestic Incidents); Presidential Policy Directive (PPD) 8 of March 30, 2011 (National Preparedness); National Security Memorandum (NSM) 22 of April 30, 2024 (Critical Infrastructure Security and Resilience); and PPD 44 of November 7, 2016 (Enhancing Domestic Incident Response).
    • Many of the policies being reviewed, such as HSPD 5 and PPD 44, have been key pillars for coordinating the federal response between, for instance, the Department of Homeland Security and the Department of Justice. NSM 22 revoked PPD 21 (Critical Infrastructure Security and Resilience) and updated critical infrastructure security and resilience policy to account for the creation of the Cybersecurity Infrastructure and Security Agency (CISA). The review of these seminal critical infrastructure policies could signal a significant change in federal roles and responsibilities with an increased emphasis on information sharing.
  • National Continuity Policy: The National Security Advisor must review “all national continuity policies” within 180 days (by September 15, 2025) and “modernize and streamline the approach to national continuity capabilities.” Among the policies specified for review is EO 13618 of July 6, 2012 (Assignment of National Security and Emergency Preparedness Communications Functions), which established a framework for ensuring that the federal government can communicate effectively during times of crisis. The order assigned specific roles to various agencies – including the National Coordinating Center for Communications, which is now part of CISA – to monitor national and international incidents that may impact emergency communications.
  • Preparedness and Response Policy: The National Security Advisor must review “all national preparedness and response policies” within 240 days (by November 14, 2025) to “reformulate the process and metrics for Federal responsibility, move away from an all-hazards approach, and implement the National Resilience Strategy.” This review will similarly encompass the allocation of roles and responsibilities between lead federal agency responders to domestic incidents, special security events, and national preparedness.
  • National Risk Register: The EO tasks the National Security Advisor and Office of Management and Budget with developing a “National Risk Register” that “articulates and quantifies natural and malign risks to our national infrastructure, related systems, and their users,” within 240 days (by November 14, 2025).
    • The EO provides for the Risk Register to be used to inform the Intelligence Community, “private sector” and “State” investments, as well as federal budget priorities.
    • Further, development of the Risk Register could involve new or modified assessments of risk to a sector.
  • National Functions: The Secretary of Homeland Security must propose changes to “overlapping and overbroad ‘functions’” – including the “Emergency Support Functions” (ESF) and NCFs. The changes must “ensure State and local governments and individuals have improved communications with Federal officials and a better understanding of the Federal role.”

Considerations for Critical Infrastructure:

The policy reviews directed by the EO could result in dramatic changes to policies that provide guidance and direction on federal department and agency roles and responsibilities as well as federal coordination with state and local governments and particular sectors. For instance, the EO could result in changes to the ESFs of some sectors during incidents requiring a coordinated federal response, or to documents that rely on these policies as authorities, such as the proposed revision to the National Cyber Incident Response Plan.

Revisions to the NCF list could impact critical infrastructure sectors which have in the past worked with DHS on analysis related to the designation of an NCF the sector has a role in providing.

Revisions to the NCFs could impact other designation processes applicable to all critical infrastructure sectors such as for SIE, which CISA is required to undertake under NSM 22 as a process to identify critical infrastructure that, if disrupted or malfunctioning, would “cause nationally significant and cascading negative impacts to national security (including national defense and continuity of Government), national economic security, or national public health or safety.” NSM 22 anticipates the SIE designation being tied to increased regulatory expectations. Consequently, the inclusion of NSM 22 in the review of critical infrastructure policies is an area many critical infrastructure organizations are closely watching, as it may signal a fundamental refocusing of CISA’s functions, potential regulatory actions, and interactions with other federal, state, and local entities.

In sum, the EO establishes a process and timelines for a broad review and rewriting of policy on national preparedness and resiliency, which can have significant impact on critical infrastructure and the way sectors interact with the federal government on continuity, communications, and response. Chief among the changes anticipated is a reallocation to state and local governments of a streamlined role in preparedness, sweeping away functions the Administration has identified as opaque and unnecessary layers of bureaucracy. The additional shift from an all-hazards approach to a risk-informed approach, if successful, could allow a more targeted and efficient use of resources. Moreover, the review and policy change under the EO comes at a time when critical infrastructure and federal, state, and local governments will need to respond to increasing cyber threats that can have physical impacts.

Wiley Connect

Sign up for updates

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek