Trump's new executive order looks to improve government cyber defenses
It mostly demands a lot of report writing
By Rob Thubron
From the 2015 Office of Personnel Management hack to Russia's interference in the election, the US government and its agencies don't have the best reputation when it comes to network security. To try to improve the situation, President Trump has signed an executive order intended to "strengthen the cybersecurity of federal networks and critical infrastructure."
The order gives heads of federal agencies 90 days to prepare reports explaining how they plan to adopt the Framework for Improving Critical Infrastructure Cybersecurity, a guidance document developed by the National Institute of Standards and Technology (NIST) to protect against hacking threats.
Once the reports are filed, the Secretary of Homeland Security and the Director of the Office of Management and Budget will present the information to the President within another 60 days.
The order also aims to bolster the defenses of critical infrastructure such as the energy grid, financial sector, and health networks.
"We've seen increasing attacks from allies and adversaries, primarily nation-states, and sitting by and doing nothing is no longer an option," said White House homeland security advisor Tom Bossert, who added that the order builds on efforts introduced by the former Obama administration, which encouraged but didn't require agencies to adopt the NIST framework.
Additionally, the order commissions a survey to determine the feasibility of updating government IT systems to shared services and network models.
Many experts and digital advocacy groups welcomed the order, but there are those who say it doesn't go far enough, offering only incremental changes to what's already in place.
"The action does not touch several critical areas, like the insecurity of 'Internet of Things' devices, data breaches, or vulnerability disclosure," said Drew Mitnick, policy counsel at Access Now.
Last month, it was reported that Trump's 90-day deadline for the report had passed. When asked if the revised new order - arriving in the wake of FBI Director James Comey's firing - came about as part of the Russian hacking investigation, Bossert said "It wasn't a Russia-motivated issue. It was a United States of America-motivated issue."