A new Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure has been signed. The order targets the federal government’s notorious vulnerability to cyber threats, mandating one set of standards and making the head of each government agency responsible for security.
“The United States invented the internet and we need to better use it,” Tom Bossert, Trump’s homeland security adviser, said at a briefing on the order for reporters. “There will always be risk, and we need to address that risk.”
The new order puts responsibility for cybersecurity squarely on the shoulders of the director of every federal agency, making it more difficult for executives to pass the buck to their information technology staffs every time a new breach is discovered. It also includes a major and unexpected initiative: moving as much of the government’s cyberdefense system to “the cloud” as possible.
“Risk management decisions made by agency heads can affect the risk to the executive branch as a whole,” according to the order. “Effective risk management requires agency heads to lead integrated teams of senior executives with expertise in IT, security, budgeting, acquisition, law, privacy and human resources.”
Trump had been scheduled to sign the order on Jan. 31, but that signing was postponed without explanation.
That provision effectively establishes a single structure centralizing all federal IT networks. Specifically, the order directs all federal agencies to adopt cybersecurity policies drawn up by the National Institute of Standards and Technology — policies that were issued years ago but that the government itself has never adopted.