Trump’s Cybersecurity Executive Order Could Incentivize Private Sector to Bolster Security
February 3, 2017 | Regulations & Legislation
By Daniel Maloof, IANS Managing Editor
While President Donald Trump has postponed the signing of his Executive Order on cybersecurity, a draft copy leaked to the Washington Post indicates the government is considering incentivizing private companies to improve their security posture.
The order calls for the establishment of a committee to include the Secretary of Defense, Secretary of Homeland Security, Director of National Intelligence, Assistant to the President for National Security Affairs and Assistant to the President for Homeland Security and Counterterrorism. Within 60 days of the order’s signing, this committee would be tasked with submitting recommendations on a range of cybersecurity issues, including protecting critical infrastructure by working with private sector owners and operators.
Like the Cybersecurity Information Sharing Act (CISA), signed into law by President Obama in December 2015, Trump’s draft executive action also encouraged the sharing of threat intelligence information between the private sector and government.
The committee would “review and expand on existing reports on economic and other incentives to: induce private sector owners and operators of the Nation’s critical infrastructure to maximize protective measures; invest in cyber enterprise risk management tools and services; and adopt best practices with respect to processes and technologies necessary for the increased sharing of and response to real-time cyber threat information.”
The six-page draft document also indicated the Administration’s goal of improving education around cybersecurity, calling on the Secretaries of Defense and Homeland Security to assess information from the Secretary of Education on “computer science, mathematics, and cyber security education from primary through higher education to understand the full scope of U.S. efforts to educate and train the workforce of the future.”
Nothing Groundbreaking, But It's a Start
IANS Faculty Dave Shackleford, founder and principal consultant with Voodoo Security, said that, reading between the lines a bit, there seemed to be some positives in the draft order.
“First, cyberwarfare is now in the same breath as air, water and land attacks,” Shackleford noted. “The order also acknowledges that the current state of affairs is not great – the government agencies tasked with cybersecurity are not well organized to collectively respond to attacks.”
“President Trump’s calling for a universal review of capabilities and gaps in U.S. cybersecurity - with involvement from many groups like the NSA, CIA, DOD and Homeland Security - shows the sense of urgency involved, and hopefully some direct action will result,” Shackleford added.
Shackleford did add that some in the defense and intelligence communities were left “scratching their heads” over the possibility that the Office of Management and Budget (OMB) could have primary oversight of cybersecurity. Further, some legal and cybersecurity experts were surprised by the fact that the FBI was never mentioned in the document, after President Obama had included the agency in his incident response coordination policy signed over the summer.
Ultimately, though, Shackleford said he was viewing the draft document with cautious optimism, as much information is still to come.
“Overall, this is a positive step, but the actions taken after the 60-day reviews occur will really tell us what direction the administration plans to take,” he said. “We should all be paying very close attention to this in the weeks and months to come.”
*Check back with IANS for updates on any changes to the Executive Order once it is signed by President Trump.