Trump administration to score agencies on cybersecurity

A White House adviser said Wednesday that the Trump administration will develop metrics to track federal agencies’ implementation of a federal cybersecurity framework.

Thomas Bossert, an adviser to President Trump on homeland security and counterterrorism, said that the new administration will require agencies and departments to abide by the framework developed by the National Institute of Standards and Technology (NIST) and report back to the White House on their adoption and implementation of the cybersecurity recommendations. 

The aide said the move is part of a larger effort by Trump to treat the entire federal network as its own entity and safeguard it from cyber threats.

{mosads}“We’re going to go through a thoughtful approach that requires federal departments and agencies to adopt and implement cybersecurity framework developed by NIST and any subsequent iteration of that document,” Bossert said at a cybersecurity summit organized by the Center for Strategic and International Studies in Washington. “They’re going to be required to produce for us a report.”

The report will be submitted to the Department of Homeland Security (DHS), the Office of Management and Budget (OMB) and the White House, and will serve as a “scorecard” to assess agencies’ cybersecurity efforts, Bossert said.

The administration will develop metrics with which to rate the agencies on cybersecurity, but likely will not disclose them publicly, he added.

“The idea here of defending the collective federal enterprise as opposed to the agency and department enterprises, the idea is to defend our crown jewels from a national security perspective,” Bossert said.

Bossert offered clues on the forthcoming cybersecurity executive order — which was abruptly delayed in January — and outlined Trump’s cybersecurity priorities during a keynote address at the event, which brought together current and formal officials and industry leaders.

The private sector has anxiously awaited the release of an updated executive order, drafts of which have circulated for weeks. Bossert on Wednesday offered no timeline for the order’s release. 

Trump’s transition team announced in December that the president had chosen Bossert, a former national security adviser to former President George W. Bush, as an assistant to the president on homeland security and counterterrorism.  

On Wednesday, the aide said that Trump’s priorities on cybersecurity are controlling and protecting federal networks and their data; safeguarding critical infrastructure; and securing the nation generally from cyber threats. 

The new administration will focus on modernizing government IT infrastructure and making sure agencies are properly resourced to efficiently tackle cybersecurity, Bossert said. He also noted that Trump’s budget request, set to be released Thursday, will include funding for cybersecurity through DHS and the Department of Defense. 

The new administration also plans to partner with industry leaders, owners of critical infrastructure, and state and local governments on cybersecurity. Bossert signaled the White House’s desire to engage with companies in Silicon Valley, despite some leading technology companies’ vocal opposition to Trump’s agenda. 

“We have no problem coordinating with them regardless of their political stripe,” Bossert said.