Trump's Cyber Security EO Lacks Substance

By Paula Bernier May 12, 2017

More than three months after President Trump was expected to sign a cyber security executive order he finally took pen to paper on this important topic. Unfortunately, it was not worth the wait, as this executive order does not seem to do much – if anything – to actually protect our national infrastructure and interests from cyber attacks.

Instead, it instructs agency heads to use the existing Commerce Department framework to manage risk to their systems, and to create and submit reports detailing how they plan to do that. And it calls for a review of the U.S. general vulnerabilities; a review of one of the country’s main cyber security adversaries; reports to be conducted on the cyber capabilities of the Department of Dense, of Homeland Security, and of the National Security Agency; and it talks about the need for further research on the need to train cyber security professionals. (And, in case you’re wondering, it doesn’t say anything about cyber security risks to elections.)

Here is an excerpt from the executive order:

Effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency's cybersecurity risk. Each agency head shall provide a risk management report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) within 90 days of the date of this order.  

Here’s another excerpt:

The Secretary of Homeland Security and the Director of OMB, consistent with chapter 35, subchapter II of title 44, United States Code, shall jointly assess each agency's risk management report to determine whether the risk mitigation and acceptance choices set forth in the reports are appropriate and sufficient to manage the cybersecurity risk to the executive branch enterprise in the aggregate.

 The Director of OMB, in coordination with the Secretary of Homeland Security, with appropriate support from the Secretary of Commerce and the Administrator of General Services, and within 60 days of receipt of the agency risk management reports outlined in subsection (c)(ii) of this section, shall submit to the President, through the Assistant to the President for Homeland Security and Counterterrorism, the following:

(A)  the determination; and

(B)  a plan to:

(1)  adequately protect the executive branch enterprise, should the determination identify insufficiencies;

(2)  address immediate unmet budgetary needs necessary to manage risk to the executive branch enterprise;

(3)  establish a regular process for reassessing and, if appropriate, reissuing the determination, and addressing future, recurring unmet budgetary needs necessary to manage risk to the executive branch enterprise; 

(4)  clarify, reconcile, and reissue, as necessary and to the extent permitted by law, all policies, standards, and guidelines issued by any agency in furtherance of chapter 35, subchapter II of title 44, United States Code, and, as necessary and to the extent permitted by law, issue policies, standards, and guidelines in furtherance of this order; and

(5)  align these policies, standards, and guidelines with the Framework.

                     Image via Bigstock

President Obama made similar suggestions during his time in office. And the fact that Trump’s executive order doesn’t go beyond prescribing more reports and studies upset Sen. John McCain, R-Arizona, chairman of the Armed Services Committee.

“We do not need more assessments, reports, and reviews,” NBC quoted McCain as saying.

“The threat is growing,” McCain added, “Yet we remain stuck in a defensive crouch forced to handle every event on a case-by-case basis and woefully unprepared to address these threats.”




Edited by Maurice Nagle

Executive Editor, TMC

SHARE THIS ARTICLE
Related Articles

Two Technologies That Showcase Good VR Could Cost $20K

By: Rob Enderle    6/23/2017

This month, there were two interesting product announcements. The first was in regard to very high-resolution displays that should arrive in VR headse…

Read More

Popularity of Voice Recognition Gadgets Highlights Need for Speech Analytics

By: Kayla Matthews    6/21/2017

Voice-activated personal assistant platforms such as Amazon's Alexa continue to grow in popularity, making lives easier in all sorts of ways. As such …

Read More

Can Machine Learning Defuse the Ticking Time Bomb of Open Recalls?

By: Special Guest    6/20/2017

Did you know that 150 million vehicles have been recalled in the USA since 2014? That's 38 percent of all the cars in America. And, according to Recal…

Read More

Technology and Ties: 5 Reasons Gen X is Taking Over in Business

By: Special Guest    6/20/2017

The generational clash in the workplace between Millennials and Baby Boomers gets all the hype. It reminds me of the debate over who would win - Muham…

Read More

For Amazon-Whole Foods' Future, Look to Zappos, Not Robots

By: Doug Mohney    6/19/2017

Amazon's bid for Whole Foods is obvious and brilliant. There's a lot of crazy talk about how Whole Foods will get turned into people-less stores like …

Read More