President Donald Trump signed his long anticipated cybersecurity executive order on Thursday, which aims to modernize network infrastructure across agencies and develop specific security practices for the federal government in general.
This directive, appearing just over three months into Trump’s tenure, is the first step of its kind for the Trump administration and a product of the president’s campaign trail promise to improve U.S. cybersecurity practices. It is neither dramatic nor ambitious. Rather, it appears to strictly follow the policy arrangement of former President Barack Obama, although it will hold federal department heads accountable for cybersecurity management.
Agencies and departments are ordered to deliver risk assessment reports within the next 90 days, to identify capabilities and vulnerabilities. Next steps, in terms of improving systems, will begin from there. While that is ongoing, the president has ordered each agency to immediately adopt the 2014 National Institute of Standards and Technology’s standards framework to lean on private sector expertise.
A separate review of critical infrastructure protections, from the electricity grid, the financial sector, and the FBI, is also due but in six months.
It also aims to better protect critical infrastructure, such as the energy grid and financial sector, from sophisticated attacks that officials have long warned could pose a national security threat or cripple parts of the U.S. economy.
In recent years, government networks have suffered severe data breaches and have been repeatedly infiltrated by criminals and hackers representing the interests of foreign governments.
During the 2016 presidential election, major hacks targeted the Democratic National Committee and John Podesta, campaign chairman for Trump’s Democratic rival Hillary Clinton. These hacks, and the mass email dumps that followed were deemed to be part of what the U.S. intelligence community identified as Russian-backed backed efforts to interfere with the election process in favor of Trump. Trump has reluctantly confirmed Russia’s involvement.
White House Homeland Security Advisor Tom Bossert, therefore, was keen to emphasise on Thursday that the order was not “Russia-motivated.”
Attending the White House press briefing, Bossert said that the directive would seek to put in place strategies to combat threats and to both modernise as well as centralize federal systems. According to Politico, around 80 percent of the enormous $80 billion government IT budget is dedicated to maintaining aging systems.
“A lot of progress was made in the last administration, but not nearly enough,” Bossert told reporters.
“We’ve seen increasing attacks from allies’ adversaries, primarily nation states, but also non-nation state actors, and sitting by and doing nothing is no longer an option,” he continued. “We spend a lot of time and inordinate money protecting antiquated and outdated systems. … Modernizing is imperative to our security.”
The executive order was due to be signed in January, just days after Trump took office, but was postponed. The directive in its current form expands on the same policies contained earlier draft leaked in April; according to Reuters, this can be credited to the input of experts and federal advisors.
Read the order in full below: