Donald Trump Signs Cyber Security Executive Order

U.S. President Donald Trump signed an executive order to safeguard the government’s cyber security and protect critical infrastructure from cyber attacks.

According to the order, several Cabinet-level departments — including Homeland Security, the Treasury, the Attorney General’s office and the Defense Department, among others — must submit a joint report on “strategic options for deterring adversaries and better protecting the American people from cyber threats.” Once that report is submitted, the Office of Management and Budget must submit its own report to the White House within 90 days.

The order aimed to enhance protection of infrastructure such as the energy grid and financial sector from sophisticated attacks that officials have warned could pose a national security threat or cripple parts of the economy.

Among the notable changes, heads of federal agencies must use a framework developed by the National Institute of Standards and Technology to assess and manage cyber risk, and prepare a report within 90 days documenting how they will implement it.

The order calls for an examination of the impact of moving agencies toward a shared information technology environment, such as through cloud computing services. It also urges voluntary cooperation with the private sector to develop better strategies to fend off and reduce attacks from botnets, or networks of infected devices.

Agencies will also be required to identify risks to their networks and share that information with the White House. The goal is to prevent a recurrence of the 2014 data breach at the Office of Personnel Management, in which hackers stole personal information of an estimated 21.5 million people.

For infrastructure, the executive order tasks the secretary of homeland security with reporting to Trump how vulnerable utility, financial, healthcare and telecommunications systems are to terrorist attacks.

The third part of the executive order calls for developing a set of policies to protect Americans on the internet.

A key feature of the order is its emphasis on risk management. Homeland Security and the Office of Management and Budget will be charged with developing continuing, regular audits to evaluate risk and whether budgetary constraints are adequate to meet that risk.

The order further prioritizes the modernization of federal networks and systems.


The secretaries of homeland security and commerce will also look at private sector companies that could help reduce the threat of botnets ‒ networks of hijacked devices that launch attacks ‒ and distributed denial-of-service (DDoS) attacks, which use automated bots to flood a site with so much traffic that it temporarily shuts down.

Agencies will now follow the National Institute of Standards and Technology framework – a flexible set of guidelines developed by NIST, a part of the Department of Commerce. The guidelines were developed to be adaptable to any organization and are currently popular in the private sector.

The cybersecurity executive order contains suggestions that are, by and large, considered good ideas by experts, including holding agency heads accountable for cybersecurity.