From Politico:

Brandon Pugh, policy counsel for the R Street Institute’s cyber and emerging threats team, told MC that government agencies have several hurdles in meeting the EO’s encryption and multi-factor authentication requirements: They need to balance their regular duties with cyber compliance, they need more money and cyber personnel and they’re dealing with outdated technologies.

“This is a culture shift for many federal agencies,” said Pugh, a former legislative counsel with the New Jersey General Assembly Minority office. “While they should happen extremely quickly, it’s a tough sell to say, ‘You need to do this now within a period of weeks or months or even a year.’”