Trump's Cyber Security EO Lacks Substance

By

More than three months after President Trump was expected to sign a cyber security executive order he finally took pen to paper on this important topic. Unfortunately, it was not worth the wait, as this executive order does not seem to do much – if anything – to actually protect our national infrastructure and interests from cyber attacks.

Instead, it instructs agency heads to use the existing Commerce Department framework to manage risk to their systems, and to create and submit reports detailing how they plan to do that. And it calls for a review of the U.S. general vulnerabilities; a review of one of the country’s main cyber security adversaries; reports to be conducted on the cyber capabilities of the Department of Dense, of Homeland Security, and of the National Security Agency; and it talks about the need for further research on the need to train cyber security professionals. (And, in case you’re wondering, it doesn’t say anything about cyber security risks to elections.)

Here is an excerpt from the executive order:

Effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency's cybersecurity risk. Each agency head shall provide a risk management report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) within 90 days of the date of this order.  

Here’s another excerpt:

The Secretary of Homeland Security and the Director of OMB, consistent with chapter 35, subchapter II of title 44, United States Code, shall jointly assess each agency's risk management report to determine whether the risk mitigation and acceptance choices set forth in the reports are appropriate and sufficient to manage the cybersecurity risk to the executive branch enterprise in the aggregate.

 The Director of OMB, in coordination with the Secretary of Homeland Security, with appropriate support from the Secretary of Commerce and the Administrator of General Services, and within 60 days of receipt of the agency risk management reports outlined in subsection (c)(ii) of this section, shall submit to the President, through the Assistant to the President for Homeland Security and Counterterrorism, the following:

(A)  the determination; and

(B)  a plan to:

(1)  adequately protect the executive branch enterprise, should the determination identify insufficiencies;

(2)  address immediate unmet budgetary needs necessary to manage risk to the executive branch enterprise;

(3)  establish a regular process for reassessing and, if appropriate, reissuing the determination, and addressing future, recurring unmet budgetary needs necessary to manage risk to the executive branch enterprise; 

(4)  clarify, reconcile, and reissue, as necessary and to the extent permitted by law, all policies, standards, and guidelines issued by any agency in furtherance of chapter 35, subchapter II of title 44, United States Code, and, as necessary and to the extent permitted by law, issue policies, standards, and guidelines in furtherance of this order; and

(5)  align these policies, standards, and guidelines with the Framework.

                     Image via Bigstock

President Obama made similar suggestions during his time in office. And the fact that Trump’s executive order doesn’t go beyond prescribing more reports and studies upset Sen. John McCain, R-Arizona, chairman of the Armed Services Committee.

“We do not need more assessments, reports, and reviews,” NBC quoted McCain as saying.

“The threat is growing,” McCain added, “Yet we remain stuck in a defensive crouch forced to handle every event on a case-by-case basis and woefully unprepared to address these threats.”




Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Executive Editor, TMC

SHARE THIS ARTICLE
Related Articles

Can Science Outsmart Deepfake Deceivers? Klick Labs Proposes an Emerging Solution

By: Alex Passett    3/25/2024

Researchers at Klick Labs were able to identify audio deepfakes from authentic audio recordings via new vocal biomarker technology (alongside AI model…

Read More

Top 5 Best Ways to Integrate Technology for Successful Project-Based Learning

By: Contributing Writer    3/19/2024

Project-based learning, also popularly known as the PBL curriculum, emphasizes using and integrating technology with classroom teaching. This approach…

Read More

How to Protect Your Website From LDAP Injection Attacks

By: Contributing Writer    3/12/2024

Prevent LDAP injection attacks with regular testing, limiting access privileges, sanitizing user input, and applying the proper encoding functions.

Read More

Azure Cost Optimization: 5 Things You Can Do to Save on Azure

By: Contributing Writer    3/7/2024

Azure cost optimization is the process of managing and reducing the overall cost of using Azure. It involves understanding the resources you're using,…

Read More

Massive Meta Apps and Services Outage Impacts Users Worldwide

By: Alex Passett    3/5/2024

Meta's suite of apps and services are experiencing major global outages on Super Tuesday 2024.

Read More