President Donald Trump signed an executive order (EO) on March 18 that seeks to shift some responsibilities for risk management from the Federal government to state and local governments through the creation of a new “National Resilience Strategy” and a review of government’s critical infrastructure and preparedness policies.
The National Resilience Strategy is set to be published within the next 90 days, according to Trump’s EO issued on Tuesday evening, and would outline priorities and methods to improve the United States’ resilience to disasters – including those caused by cyberattacks.
Following its debut, the strategy will be reviewed and updated at least every four years, according to the EO.
The new strategy will be launched in tandem with shifting the responsibility of disaster response and preparedness from the Federal Emergency Management Agency (FEMA) to state and local governments. That move builds on vows Trump made in January to “begin the process of fundamentally reforming and overhauling FEMA, or maybe getting rid of them.”
“Commonsense approaches and investments by State and local governments across American infrastructure will enhance national security and create a more resilient Nation,” reads Trump’s EO. “Federal policy must rightly recognize that preparedness is most effectively owned and managed at the State, local, and even individual levels, supported by a competent, accessible, and efficient Federal Government.”
Trump has also called for a review of all infrastructure, continuity, and preparedness policies to “modify and simplify” Federal approaches – which he said would be aligned with the National Resilience Strategy upon its publishing.
The policy review aims to shift national critical infrastructure policy from an “all-hazards” approach to a “risk-informed” approach. This would prioritize resilience and action over what the White House called “mere information sharing.”
It would additionally overhaul national continuity policy to “modernize its framework, streamline operations, and right-size the federal footprint for sustained readiness.”
A “National Risk Register” will be also deployed to help identify, describe, and measure risks to critical infrastructure and their related systems and uses, according to the EO. The register will be developed within the next 240 days by Michael Waltz, assistant to the president for national security affairs, and Russell Vought, director of the Office of Management and Budget, and other agency heads.
Waltz, alongside Ryan Baasch, special assistant to the president for economic policy, has also been charged with developing the National Resilience Strategy with coordination across the “heads of relevant executive departments and agencies.”
State and local government organizations reported the lowest rate of attacks against all sectors in 2024, with 34 percent of organizations reporting they were hit with ransomware assaults last year compared to 69 percent in 2023, according to a report from cybersecurity company Sophos.
Shortly after taking office, Trump propped up a “review council” to oversee FEMA’s performance by including industry participation and directing council members to evaluate FEMA’s disaster response against those done by private companies.
It is unclear what the cost burden to states and local governments would look like with the shift in responsibility, with the EO not providing any details.
Traditionally, states and local governments have shared the cost of disaster-related expenses with FEMA typically covering around 75 percent according to the latest numbers available by the Government Accountability Office.
Certain states would be hit harder than others with funding cuts from the Federal government according to recent analysis from the Carnegie Disaster Dollar Database, showing that Louisiana, Florida, and Texas received the most in Federal disaster relief funds between 2015 to 2024.
