Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

Trump Finally Signs Overdue Executive Order About 'The Cyber'

Illustration for article titled Trump Finally Signs Overdue Executive Order About The Cyberem/em

President Donald Trump signed an executive order on Thursday aimed at strengthening the cybersecurity of the federal government, according to the White House.

Advertisement

A copy of the document distributed to a White House press list and later posted on the White House website details Trump’s first attempt to develop a protocol for defending the U.S. against malicious hackers and securing the nation’s critical infrastructure.

In January, after receiving the U.S. intelligence community’s assessment of Russian interference in the 2016 election, Trump had promised that “within 90 days of taking office” he would require a team of cybersecurity experts to offer up a plan. That deadline passed nearly a month ago.

Advertisement

The arrival of the order comes after perhaps one of the worst weeks for the Trump administration politically, two days after the firing of FBI Director James Comey.

The document states that henceforth risk management decisions throughout the government will be managed as an “executive branch enterprise,” adding that the federal government has “for too long accepted antiquated and difficult–to-defend IT.”

It also imposes on all agencies a 90-day process for the implementation of a cybersecurity framework developed by the National Institute of Standards and Technology (NIST), a non-regulatory body charged with developing cybersecurity standards for the federal government.

Within 90 days, each federal agency must complete a number of tasks, including the presentation of a plan to implement the NIST framework, a report on operational and budgetary considerations, as well as provide historical records of all “risk mitigation and acceptance choices made by each agency head.”

Advertisement

Those reports will be collected by the secretary of homeland security, retired Marine Corps Gen. John Kelly, as well as the Office of Management and Budget (OMB), and used to generate an overall assessment of the government’s cybersecurity strengths and weaknesses.

The federal government is also charged with assessing the “authorities and capabilities” that agencies can employ to support the defense of critical infrastructures.

Advertisement

The president’s order is “long on reporting, short on policy,” according to Mike Baukes, co-CEO of the California-based security firm UpGuard.

Baukes said that it also falls short of what Trump promised during the campaign: “The policy does not do much more than acknowledge we have antiquated systems and require agencies to do a self-assessment.”

Advertisement

He adds: “If the U.S. government is truly interested in pursuing cyber resilience it will need to recognize cyber risk as a complex threat which touches virtually all users of all digital platforms, not merely the nation’s most critical infrastructure.”

For those counting, the word “cyber” is contained in the executive order a total of 39 times.

Advertisement

Senior Reporter, Privacy & Security

Share This Story

Get our newsletter

DISCUSSION

rzmmdxleetuber
Rzmmdx Leetuber

All agencies in 90 days?

Including the VA department?

HA. Good luck meeting that deadline anytime soon unless Jared Kusher comes back from preventing the Heat Death of the Universe thus revealing himself to be Yahweh.