Hopes rise for U.S. executive order confronting cybersecurity

cybersecurity DXC Blogs

Speaking recently at the Georgetown cyber conference, former NSA cybersecurity expert and White House cyber coordinator Rob Joyce said the belated cybersecurity executive order is close to fruition.

“I think the important focus on this is we want to make sure the cybersecurity [executive order] emerges … in sequence with other things that the administration is rolling out, so that we don’t distract from other important messages that are out there,” Joyce was quoted as saying at the conference.

Security and industry leaders have been waiting for the executive order to surface since January, when the President asked Rudy Giuliani to lead a team to focus on cybersecurity. The President was widely expected to sign a cybersecurity executive order on January 31, but didn’t without explanation.

According to a draft of the order leaked in February, federal agency leaders will be asked to apply NIST’s cyber risk management framework to information assets.

NIST’s cybersecurity framework is designed to help agencies of all sizes better protect their technology through standards, guidelines and good practices that help agencies first prioritize assets and then better protect them.

According to that leaked executive order, the Office of Management and Budget would also be charged with conducting agency risk assessments. It also calls for a cyber-deterrence strategy at the national level.

At what would have been the signing ceremony in January, Trump told reporters “he’ll hold cabinet secretaries and agency heads ‘totally accountable’ for the security of their networks. US. agencies ‘certainly’ don’t have as much cybersecurity protections as they need,” he said, according to this CSO story

“We must protect federal networks and data,” Trump added. “We operate these networks on behalf of the American people and they are very important. We will empower these agencies to modernize their IT systems for better security and other uses,” Grant Gross reported.

Hopes to see the executive order by the end of April were dashed. Still, the order is expected to surface at any time

Building cybersecurity capabilities has been something past administrations have tried to act upon, without gaining much traction.

In the spring of 2009, the Obama administration completed a 60-day review of national cybersecurity policy and published a plan that attempted to improve top-down security leadership, cybersecurity education, distributed responsibility, information sharing and encouraging innovation. Not much came from that plan.

The Obama administration’s plan followed a plan from the Bush administration that was published roughly seven years prior. The National Strategy to Secure Cyberspace was developed by then White House cybersecurity adviser Richard Clarke.

RELATED LINKS

Cool security tools your mobile workers just might use

What’s ahead for security and cloud adoption?

8 must-reads about the email hack that potentially influenced the U.S. election

Trackbacks

  1. […] hopes were high that the order would be signed earlier in the administration’s tenure, the date keeps getting […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: