Trump hits control-Z on cybersecurity order: No reason given for delay

Follows briefings heavy on blame, light on Russia

US President Donald Trump unexpectedly cancelled the signing of a new executive order on cybersecurity Tuesday, following a day of briefings by the White House on its contents.

The order – a draft of which was leaked, and which we reviewed last week – was due to be signed at 3:15pm Eastern time, but was cancelled at the last minute with no explanation given.

While discussion and commentary in the capital has continued to revolve around the fallout from Trump's ill-conceived executive order on immigration – not least his firing on Monday night of the assistant attorney general after she questioned its legality – the White House has spent much of the day talking about cybersecurity.

Officials briefed journalists in the morning on the order's contents and told them that the goal behind the order was to "hold the heads of federal agencies accountable for managing their cyber risk." A cybersecurity framework developed by NIST, the National Institute of Standards and Technology, was held up as the standard.

The order also asks the executive branch's budget operation – the Office of Management and Budget – to assess the risks that the federal government faces when it comes to cybersecurity, with an eye to modernizing the system to be more secure.

In the afternoon, Trump held a meeting with a group on cybersecurity – including Rudy Giuliani, whom he has chosen to head up cybersecurity efforts despite a lack of experience – in which he reiterated that he would "hold my cabinet secretaries and agency heads accountable, totally accountable, for the cyber security of their organizations."

From Russia with love

Trump and Giuliani went heavy on the need to secure networks against attacks, and said that corporations – which own the majority of internet networks in the United States – would need to work with the government to that end. However, they stopped short of suggesting there would be an effort to impose some form of authority over them.

Trump talked about "working with" the private sector on cybersecurity and said that he would "make sure that owners and operators of critical infrastructure have the support they need from the federal government to defend against cyber threats." Giuliani was more aggressive, arguing that "the private sector is wide open to hacking, and sometimes by hacking the private sector, you get into government. So we can't do this separately." He said part of the goal of the executive order was to "get the private sector to wake up."

Trump said: "We must protect federal networks and data. We operate these networks on behalf of the American people and they are very important," and he gave the electrical grid and power plants as key examples.

Trump was unable to stop himself from talking about the hack of the Democratic National Congress' email servers, however – leaks from which embarrassed the political party and contributed to his victory.

"Despite how they spent hundreds and hundreds of millions of dollars more money than we did, the Democratic National Committee was hacked successfully, very successfully, and terribly successfully," he noted.

He then repeated the questionable statement that the same hackers who infiltrated the DNC's servers had tried unsuccessfully to do the same to the Republican party. "The Republican National Committee was not hacked. Meaning it was hacked, but they failed. It was reported, I believe, by Reince and other people that it was hacked, but we had a very strong defense system against hacking."


Despite having raised the issue, Trump refused to mention or talk about the assessment of the US intelligence agencies that it was the Russian government that had instigated the hacking and had actively attempted to sway the election in his favor. Cybersecurity experts also believe that the RNC servers were in fact hacked by the Russian government – but their contents were not shared publicly for fear of damaging Trump's chances.

After the briefing and meeting on cybersecurity, Trump was scheduled to sign the executive order in the Oval Office. That signing was abruptly cancelled, however, with no explanation given. The final text of the order has yet to be confirmed, although a draft was leaked to The Washington Post. ®
