Trump's Cyber Security EO Lacks Substance


More than three months after President Trump was expected to sign a cyber security executive order, he finally took pen to paper on this important topic. Unfortunately, it was not worth the wait, as this executive order does not seem to do much – if anything – to actually protect our national infrastructure and interests from cyber attacks.

Instead, it instructs agency heads to use the existing Commerce Department framework to manage risk to their systems, and to create and submit reports detailing how they plan to do that. It also calls for a review of the general vulnerabilities of the U.S.; a review of one of the country’s main cyber security adversaries; and reports on the cyber capabilities of the Department of Defense, the Department of Homeland Security, and the National Security Agency. And it talks about the need for further research on the need to train cyber security professionals. (In case you’re wondering, it doesn’t say anything about cyber security risks to elections.)

Here is an excerpt from the executive order:

Effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency's cybersecurity risk. Each agency head shall provide a risk management report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) within 90 days of the date of this order.  

Here’s another excerpt:

The Secretary of Homeland Security and the Director of OMB, consistent with chapter 35, subchapter II of title 44, United States Code, shall jointly assess each agency's risk management report to determine whether the risk mitigation and acceptance choices set forth in the reports are appropriate and sufficient to manage the cybersecurity risk to the executive branch enterprise in the aggregate.

 The Director of OMB, in coordination with the Secretary of Homeland Security, with appropriate support from the Secretary of Commerce and the Administrator of General Services, and within 60 days of receipt of the agency risk management reports outlined in subsection (c)(ii) of this section, shall submit to the President, through the Assistant to the President for Homeland Security and Counterterrorism, the following:

(A)  the determination; and

(B)  a plan to:

(1)  adequately protect the executive branch enterprise, should the determination identify insufficiencies;

(2)  address immediate unmet budgetary needs necessary to manage risk to the executive branch enterprise;

(3)  establish a regular process for reassessing and, if appropriate, reissuing the determination, and addressing future, recurring unmet budgetary needs necessary to manage risk to the executive branch enterprise; 

(4)  clarify, reconcile, and reissue, as necessary and to the extent permitted by law, all policies, standards, and guidelines issued by any agency in furtherance of chapter 35, subchapter II of title 44, United States Code, and, as necessary and to the extent permitted by law, issue policies, standards, and guidelines in furtherance of this order; and

(5)  align these policies, standards, and guidelines with the Framework.


President Obama made similar suggestions during his time in office. And the fact that Trump’s executive order doesn’t go beyond prescribing more reports and studies upset Sen. John McCain, R-Arizona, chairman of the Armed Services Committee.

“We do not need more assessments, reports, and reviews,” NBC quoted McCain as saying.

“The threat is growing,” McCain added. “Yet we remain stuck in a defensive crouch forced to handle every event on a case-by-case basis and woefully unprepared to address these threats.”




Edited by Maurice Nagle

Executive Editor, TMC
