Trump's Cyber Security EO Lacks Substance

By Paula Bernier May 12, 2017

More than three months after President Trump was expected to sign a cyber security executive order, he finally took pen to paper on this important topic. Unfortunately, it was not worth the wait, as this executive order does not seem to do much – if anything – to actually protect our national infrastructure and interests from cyber attacks.

Instead, it instructs agency heads to use the existing Commerce Department framework to manage risk to their systems, and to create and submit reports detailing how they plan to do that. And it calls for a review of general U.S. vulnerabilities; a review of one of the country’s main cyber security adversaries; reports to be conducted on the cyber capabilities of the Department of Defense, of Homeland Security, and of the National Security Agency; and it talks about the need for further research on the need to train cyber security professionals. (And, in case you’re wondering, it doesn’t say anything about cyber security risks to elections.)

Here is an excerpt from the executive order:

Effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency's cybersecurity risk. Each agency head shall provide a risk management report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) within 90 days of the date of this order.  

Here’s another excerpt:

The Secretary of Homeland Security and the Director of OMB, consistent with chapter 35, subchapter II of title 44, United States Code, shall jointly assess each agency's risk management report to determine whether the risk mitigation and acceptance choices set forth in the reports are appropriate and sufficient to manage the cybersecurity risk to the executive branch enterprise in the aggregate.

 The Director of OMB, in coordination with the Secretary of Homeland Security, with appropriate support from the Secretary of Commerce and the Administrator of General Services, and within 60 days of receipt of the agency risk management reports outlined in subsection (c)(ii) of this section, shall submit to the President, through the Assistant to the President for Homeland Security and Counterterrorism, the following:

(A)  the determination; and

(B)  a plan to:

(1)  adequately protect the executive branch enterprise, should the determination identify insufficiencies;

(2)  address immediate unmet budgetary needs necessary to manage risk to the executive branch enterprise;

(3)  establish a regular process for reassessing and, if appropriate, reissuing the determination, and addressing future, recurring unmet budgetary needs necessary to manage risk to the executive branch enterprise; 

(4)  clarify, reconcile, and reissue, as necessary and to the extent permitted by law, all policies, standards, and guidelines issued by any agency in furtherance of chapter 35, subchapter II of title 44, United States Code, and, as necessary and to the extent permitted by law, issue policies, standards, and guidelines in furtherance of this order; and

(5)  align these policies, standards, and guidelines with the Framework.


President Obama made similar suggestions during his time in office. And the fact that Trump’s executive order doesn’t go beyond prescribing more reports and studies upset Sen. John McCain, R-Arizona, chairman of the Armed Services Committee.

“We do not need more assessments, reports, and reviews,” NBC quoted McCain as saying.

“The threat is growing,” McCain added. “Yet we remain stuck in a defensive crouch forced to handle every event on a case-by-case basis and woefully unprepared to address these threats.”




Edited by Maurice Nagle

Executive Editor, TMC
