Today, President Trump intended to issue an Executive Order to address cyber security but the signing of the order has been postponed. Here are all the details about the Cybersecurity Executive Order you have to know.
The busy day at the White House has been dominated by an important cybersecurity briefing aimed at explaining President Trump’s intentions on how to address cybersecurity.
Cybersecurity has been a major concern for years, following cyber-attacks by Russia, China, and many other present threats to the homeland.
It should be noted that some have criticized Trump for not mentioning Russia in the draft of this still pending executive order, but the order doesn’t actually mention any particular countries.
This morning, a White House official opened the briefing on cybersecurity, stating that the idea of the Executive Order is to hold the heads of federal agencies accountable for managing their cyber risk. The EO will direct agencies to manage their cyber risk using the cybersecurity framework set by the National Institute of Standards and Technology (NIST).
It has been suggested that the cybersecurity framework has become a de facto industry standard across numerous sectors of the economy. Therefore, the EO will direct the director of the Office of Management and Budget (OMB) to assess and manage the collective risk of the federal executive branch.
The key distinction of the Cybersecurity Executive Order
Under existing statute, each agency head is responsible for managing their enterprise as an enterprise risk management function. Some of these are very large enterprises.
The key distinction with the Cybersecurity EO is that it is asking now for the Office of Management and Budget (OMB) director to lead an effort in assessing the enterprise risk for the entire federal government. Not just the judiciary or the legislative branch, but for the entire executive branch.
The idea here is that the Trump administration wants to be informed and be able to assess the risk for the entire enterprise at the federal executive branch.
- deliberate modernization of the federal executive branch IT.
The executive order also directs the agency heads to begin planning for the deliberate modernization of the federal executive branch IT. Working with the assistant to the president for intergovernmental affairs and technology initiatives, this will be critical, and it’s a long overdue step, important for the ability to secure our networks and data. It is also a matter of cost efficiency.
- prevention of the catastrophic cyber incidents
The executive order further directs the secretary of Homeland Security and other agency heads to engage with the owners and operators of the most essential of critical infrastructure entities.
The goal of this engagement is to develop ways to protect the entities from catastrophic cyber incidents and respond to those incidents that nevertheless do occur.
- advancing the cybersecurity of our nation’s critical infrastructure
The Cybersecurity Executive Order also directs the Department of Commerce, the Department of Defense and other agencies to take a number of initial steps to advance the cybersecurity of our nation’s critical infrastructure, consider ways of deterring adversaries, and to promote an open, valuable internet.
Main questions about Cybersecurity Executive Order
- Will it cost a lot of money?
It will cost money over time, but so would the cost to maintain very old and difficult to defend networks and software. The heads of agencies will need to come to Congress with a plan to modernize IT in their respective departments and agencies.
- What role, if any, will Congress play in terms of legislation?
Congress will be particularly crucial to funding. They will have the responsibility of ensuring that new IT modernization is worth the cost.
- Does internet language impact net neutrality?
The intention is to work with other nations who support a free and open internet to ensure that other nations who do not share those values cannot undermine the cyber security of those that do.
- What are main differences between what happened before and the future?
A number of these recommendations were made by CSIS in 2009, and again in 2016 by President Obama’s commission led by Tom Donilon and Sam Palmisano. So the changes are in management philosophy, in enterprise risk management, and modernizing federal IT. Not that that’s something previous presidents haven’t tried, but President Trump has a plan for accomplishing it.
- New on critical infrastructure?
The Executive Order will ask the Sec. of Homeland Security and others to work with leaders of the public and private sector to provide them with the necessary resources to protect the infrastructure that they manage. This includes the electric grid.
What is President Trump saying?
At the roundtable on cyber-security President Trump held today, he said that he will hold his cabinet secretaries and agency heads accountable for the cyber security of their organizations.
“We must protect federal networks and data. We operate these networks on behalf of the American people and they are very important. We will empower these agencies to modernize their IT systems for better security and other uses. We will protect our critical infrastructures such as power plants and electrical grids. The electrical grid problem is a problem but we’ll have it solved relatively soon. We must work with the private sector, the private sector is way ahead of government, in this case, to make sure that owners and operators of critical infrastructure have the support they need from the federal government to defend against cyber threats. Now I think a pretty good example of this is despite how they spent hundreds and hundreds of millions of dollars more money than we did, the Democratic National Committee was hacked successfully, very successfully, and terribly successfully. And the Republican National Committee was not hacked. Meaning it was hacked, but they failed. It was reported, I believe, by Reince and other people that it was hacked, but we had a very strong defense system against hacking,” said President Trump.
Giuliani began his remarks stating: “A large part of our country, unlike other countries, is made up of the private sector. And the private sector is wide open to hacking, and sometimes by hacking the private sector, you get into government. So we can’t do this separately. And you were wise enough that we should have a council where we could bring in the private sector, they can explain to you the problems they have, they can explain to the administration the solutions they have, which in some cases may be better than the government’s and in some cases they will not be as good as the government’s. Plus we can search around the world, including countries like Israel and places where they’re doing a lot to advance cyber security analysis. We can look for long-term solutions.”
Giuliani insisted that “by speaking out on this and holding regular meetings on it and using the bully pulpit, the presidency, you get the private sector to wake up. Some of the private sectors have to wake up to the fact that they have to do more.”
Following this briefing in the Roosevelt Room, Gen. Alexander addressed the press pool, stating that it was a “great honor” to participate in the listening session on cyber security. “I only wish all the people in the United States could see what he does and what he did there,” he said.
In the years ahead, cyber security will become ever more crucial to the way of life of ordinary citizens, as well as the ability of the government to function. Many worry that America’s power grid could be hacked, effectively shutting down large portions of the country for lengthy periods of time, making the US highly vulnerable to deadly terrorist attacks to follow.