President Trump has signed an executive order on cybersecurity, homeland security adviser Tom Bossert announced Thursday at the press briefing.
The order was long awaited by the cybersecurity community. Drafts of the executive order have leaked since the first days of the Trump administration. The White House once even scheduled a signing ceremony, which was later scrapped.
The cybersecurity executive order contains suggestions that are, by and large, considered good ideas by experts, including holding agency heads accountable for cybersecurity.
In the past, agency leaders often deferred to IT staff when problems arose.
A common criticism in the Senate is that the U.S. lacks a guiding strategy for cyber defense, beyond making ad hoc decisions. It’s a complaint that dogged the Obama administration and was beginning to catch up to the Trump administration as well.
The executive order begins the process of developing one, and within 90 days a bevy of agencies will produce options for development.
Agencies will now follow the National Institute of Standards and Technology framework – a flexible set of guidelines developed by NIST, a part of the Department of Commerce. The guidelines were developed to be adaptable to any organization and are currently popular in the private sector.
The executive order tasks the departments of Commerce, Homeland Security, Defense, Labor and Education and the Office of Personnel Management with developing a plan to bolster the cybersecurity workforce. Homeland Security is also instructed to conduct wide audits of critical infrastructure for security.
A key feature of the order is emphasizing risk management. Homeland Security and the Office of Management and Budget will be charged with developing continuing regular audits to evaluate risk and whether budgetary constraints are adequate to meet that risk.
The order further prioritizes the modernization of federal networks and systems.
“Effective immediately, it is the policy of the executive branch to build and maintain a modern, secure, and more resilient executive branch IT architecture,” the order reads.
Last week, members of Congress led by Rep. Will Hurd (R-Texas) reintroduced legislation to fund modernization. Hurd has said he believes the bill may hit the floor as soon as next week.