President Trump was expected to sign yet another executive order yesterday. This time the order related to the nation’s cybersecurity. But it didn’t happen.
The Washington Post published the new administration’s draft of the order, reporting that the president was expected to sign it yesterday at its cybersecurity meeting. But since then several media outlets, including the Post, reported that Trump would not be signing the order after all.
The draft executive order, titled “Strengthening U.S. Cyber Security and Capabilities” talks about America’s civilian government institutions and critical infrastructure being vulnerable to attacks from state and non-state actors.
“The Federal Government has a responsibility to defend America from cyberattacks that could threaten U.S. national interests or cause significant damage to Americans’ personal or economic security,” the draft says. “The responsibility extends to protecting both privately and publicly operated critical networks and infrastructure. At the same time, the need for dynamism, flexibility, and innovation in cyber security demands the government exercise its responsibility in close cooperation with private sector entities.”
The draft goes on to say: “The executive departments and agencies tasked with protecting civilian government networks and critical infrastructure are not currently organized to act collectively/collaboratively, tasked, or resourced, or provided with legal authority adequate to succeed in their missions.”
The executive order draft goes on to call for an immediate review of the most critical U.S. cyber vulnerabilities. And it calls for the Secretary of Defense to submit within 60 days of the order, initial recommendations for the protection of U.S. national security systems.
It also calls for the Secretary of Homeland Security to do the same regarding initial recommendations for enhanced protection of the most critical civilian federal government, public, and private sector infrastructure, other than U.S. national security systems. And it calls for the Director of National Intelligence to submit a report on the identities, capabilities, and vulnerability of principal U.S. cyber adversaries within 60 days of the signing of the order as well.
The new administration did not comment on why President Trump opted not to sign the executive order or whether or when he might do so in the future.