Trump Cybersecurity Executive Order Calls For Review Of Security Of Government Agencies, Infrastructure
President Donald Trump signed an executive order Thursday requiring a review of U.S. cybersecurity capabilities to bolster protections for critical infrastructure from cyberattacks.
The order marks the first action Trump has taken to address cybersecurity, which he has referred to as a top priority for the country. He promised an order regarding cybersecurity protocol within his first 90 days in office but missed the self-imposed deadline.
One of the primary changes presented by the order deals with the chain of command for risk management decisions, which will now run through the executive branch.
The order declares the federal government has “for too long accepted antiquated and difficult–to-defend IT [information technology]” and will task all federal agencies with getting up to speed with requirements established by the National Institute for Standards and Technology (NIST). Agencies are expected to submit reports on their risks within 90 days.
Agencies will also be expected to examine the impact of moving forward in a shared information technology environment where cloud computing is more common and data can be at risk. The order encourages government agencies to work with private sector enterprises to develop strategies that mitigate the risk of attack.
Infrastructure is also a point of emphasis in the order as the administration aims to enhance cybersecurity protections to the energy grid and financial institutions to prevent cyberattacks that could pose a physical or economic security risk to the country.
Read: Trump Android Cell Phone: Unsecure Smartphone Use Should Be Investigated, Congressman Says
Thursday’s order bears some resemblance to a previous draft of a cybersecurity order that was expected to be signed in February but ultimately delayed for additional input from security professionals.
The delay appears to have improved the order, as it received mostly warm reviews from security experts.
Jake Olcott, the vice president of security ratings company BitSight and former legal adviser to the Senate Commerce Committee and counsel to the House of Representatives Homeland Security Committee, told International Business Times the order is “ smart policy” and “a big win” for the Trump administration.
“The initiatives being put forth will help to bring the United States federal government and its agencies into the 21st century when it comes to protecting data and systems,” Olcott said. “The executive order brings some of the best initiatives from the private sector and applies them to the government.”
Chris Risley, the CEO of enterprise security firm Bastille, told IBT the Department of Homeland Security already has gotten out in front of the order and begun working to secure government and nongovernment critical infrastructure. Bastille specifically is working with DHS to protect infrastructure that is vulnerable to radio spectrum attacks.
Not all reviews of the order have been as positive. Privacy advocacy group Access Now said Trump “continues to trip over cybersecurity” and the administration has “continually undermined” government efforts to improve the security of the internet.
“The measures in the executive order will serve as incremental changes to existing policies while the Trump administration has otherwise either ignored or undermined pressing digital security threats internet users face,” Drew Mitnick, policy counsel at Access Now said in a statement. “The action does not touch several critical areas, like the insecurity of ‘internet of things’ devices, data breaches or vulnerability disclosure.”
© Copyright IBTimes 2024. All rights reserved.