Trump Administration's Cybersecurity Executive Order Smartly Builds On Previous Efforts

May 16, 2017

Last week, the Trump Administration released its long awaited Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (“Cybersecurity EO” or “Executive Order”). The Order launches significant reviews of the federal government’s digital vulnerabilities, existing efforts to protect critical infrastructure, and the development of the “cyber workforce”, and focuses on three separate areas of cybersecurity improvement: federal networks, critical infrastructure, and the United States as a whole.
The new Cybersecurity Executive Order is a promising first step for the new White House’s digital security agenda. CCIA is encouraged by the new order’s efforts to build on existing policies that have already been shown to be effective, particularly the reliance on the NIST Cybersecurity Framework to shape risk management in federal digital systems, and the appropriate deference to the carefully scoped definition of which sectors are considered critical infrastructure.
In the case of federal networks, the Executive Order requires that the heads of federal agencies look to the risk-management standards and best practices found in NIST’s Framework for Improving Critical Infrastructure Cybersecurity, which was initially produced pursuant to President Obama’s 2013 Executive Order on Improving Critical Infrastructure Cybersecurity. Those agencies must also produce a report to document their risk mitigation and acceptance decisions, and include their plans for implementing the NIST Framework. Lastly, the executive branch and federal agencies must show preference in procurement for “shared IT services” in their effort to “build and maintain a modern, secure, and more resilient” IT architecture.
The 2013 Executive Order on critical infrastructure again provides the basis for the Trump Administration Order’s directives in that space. The new Cybersecurity EO orders federal agencies to identify how they can better support the security efforts of critical infrastructure, as defined by Section 9 of President Obama’s 2013 order as those sectors where “a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.” Importantly, no “commercial information technology products or consumer information technology services” can be designated as critical infrastructure under either executive order.
Finally, Section 3 of the new EO addresses “Cybersecurity for the Nation”, encompasses consumer cybersecurity and workforce issues. Encouragingly, the EO’s goal for national cybersecurity is to promote an “open, interoperable, reliable, and secure internet that fosters efficiency, innovation, communication, and economic prosperity, while respecting privacy and guarding against disruption, fraud, and theft.”
To ensure the Internet retains these important characteristics in the future, federal agencies are to report on the Nation’s strategic deterrence options online, while the Departments of State, Commerce, Defense, Treasury, and Homeland Security are to identify their international priorities, which will be turned into a strategy international cooperation in cybersecurity by the State Department. The EO concludes by turning to relevant agencies to assess the readiness of the American cybersecurity workforce, the workforce development of foreign “cyber peers”, and U.S. efforts to maintain or increase its advantage in “national-security-related cyber capabilities.”
CCIA looks forward to working with the Administration as it continues in its efforts to ensure that the Internet remains “open, interoperable, reliable, and secure.”

Related Articles

CCIA Expresses Concern Over New Senate Bill To Weaken Encryption

Jun 24, 2020

Washington — A bill to give law enforcement more access to personal data with fewer legal protections for citizens has been introduced in the Senate Tuesday. Senators Lindsey Graham, R-SC, and Tom Cotton, R-Ark., and Marsha Blackburn, R-Tenn., have announced the  “Lawful Access to Encrypted Data Act.” The bill would compel device manufacturers and providers…

White House Expected To Issue Executive Order Targeting Online Speech

May 28, 2020

Washington – According to various news reports, President Trump is expected to issue an executive order seeking to roll back the liability protections that have allowed users to post content online.  Reports of an executive order come days after Twitter applied a fact-check notice adjacent to accusations from President Trump via Twitter about alleged voter…

CCIA Encouraged by Increasing Support For Federal Privacy Legislation

Oct 15, 2019

Washington – The New Democrat Coalition, representing more than 100 House Democrats, has announced support for federal privacy legislation introduced by Congresswoman Suzan DelBene, D-Wash. The bill would give consumers control over their personal information, empower the Federal Trade Commission with additional tools and resources to patrol online privacy practices, and ensure that individuals across…