Cyber security was issued as a top priority by President Trump during his campaign, and once he entered the White House. This executive order is his first meaningful attempt to address this issue that threaten the country’s critical infrastructure on a daily basis.
The order proposes a wealth of changes to the cyber security practices of US government agencies, such as moving federal cyber security to the cloud. Indeed, the order calls for an examination of the impact of moving agencies to the cloud.
The ultimate aim of this is to succeed where many said the last administration failed. Trump’s ambition is to significantly improve the often-caught-out network security of the US government.
Indeed, the hacking and subsequent release of personal data from departments with the US government has drastically climbed over the years, as cyber attackers have become more sophisticated and more persistent.
The order will also seeks to bolster the defence of critical infrastructure, like the electricity grid, which is often a target for hackers. Adequately protecting these is imperative to maintain national welfare.
The contents of the order have drawn praise from the majority of cyber security experts. In the initial phases, it seems Trump has not underestimated the threat. It was meant to signed in January, for example. But Trump held off in order to gain more insight from experts.
Amit Yoran, CEO of Tenable Network Security said that “It’s clear that the U.S. needs a fundamental change in the way we approach cyber. President Trump’s executive order on cyber security, released today, is an important step toward addressing the biggest cybersecurity challenges.”
“America currently spends over $80 billion per year on federal IT, but money alone won’t improve cyber security. Change can only happen if security is prioritised at the highest levels of government. This new executive order has the potential to force federal agencies to rethink their security strategies and to address today’s elastic attack surface.”
The order also seeks to fight fire with fire. So, while the order outlines various defensive strategies, it also strategies a cyber deterrent contingent. This would be developed alongside the US and its allies.
In the Obama administration, the private sector was encouraged to adopt the National Institute of Standards and Technology (NIST), which required organisations to assess and manage their cyber risk, and prepare a report within 90 days and how they would implement it.
Now, federal agencies must use this same framework to help mitigate the risk.
Government agencies would now “practice what they preach,” Tom Bossert, Trump’s homeland security adviser told reporters during a White House briefing. “A lot of progress was made in the last administration, but not nearly enough.”
>See also: Trump and tech: what to expect?
Bossert also said that the suspected involvement of Russian hackers in the Presidential Election and the run up to it was not the sole reason for this order: “the Russians are not our only adversary on the internet.”
This is, of course, true. This executive order outlines a plan to not only protect the US and it’s citizens, but provide a platform to go on the offensive.
Yoran looks beyond this and suggests the directive should be viewed as an opportunity. “The single biggest opportunity facing the new administration is modernisation, which requires smart investments in security technologies that can help government agencies understand and reduce their cyber risk.”
“As agencies embrace modern IT, including shared cloud services and internet-enabled devices, it is important to understand the changes in the attack surface and embrace new opportunities to enhance security.”
“The executive order’s prioritisation of assessing and mitigating known vulnerabilities is a good step forward. Agencies need the tools to detect networked devices and systems, and the ability to identify and prioritise methods to best mitigate risk.”
Nominations are now open for the Tech Leaders Awards 2017, the UK’s flagship celebration of the business, IT and digital leaders driving disruptive innovation and demonstrating value from the application of technology in businesses and organisations. Nominating is free and simply: just click here to enter. Good luck!