Security shield slingers are loving Prez Trump's cybersecurity order

Meanwhile, Fed heads have their work cut out for them


US President Donald Trump's cybersecurity executive order, signed on Thursday after a series of delays, will make federal agency heads accountable for protecting their networks.

On the other side of the fence, computer security product makers have broadly welcomed the policy, which also calls on government and industry to reduce the threat from automated attacks on the internet.

The delayed cybersecurity executive order aims to bolster the government's information security while protecting the nation's critical infrastructure from cyberattacks. The order is important because it sets the direction for US infosec policy in government and beyond. Unlike many of President Trump's other policy initiatives, the order is largely uncontroversial and might (whisper this gently) be seen largely as a continuation of measures former President Barrack Obama was putting into place.

Kevin Davis, VP of public sector at Splunk, said: "Improving cybersecurity is one of the few items both sides of the aisle can reach across and agree on, and today's executive order is a good, bipartisan step to better protect our government's networks and critical infrastructure."

"Hackers' preferred attack methods against the public and private sector change daily, and Trump's executive order is a good reflection of the need for adaptability in today's threatscape. And as methods of cybercrime continue to evolve, it will be important to government agencies to rely on data analysis, to quantify the risk so they can adapt appropriately," he added.

Some experts argue that the order will spur an overdue rethink about federal IT security strategies.

Davis explained that the order differs in several important respects from the draft order floated by the Trump administration back in January.

"The draft order gave DoD [US Department of Defense] a very muscular role in almost every component of the original plan," Davis said. "In the signed order issued today, DoD is tasked with contributing to the plan in areas more in line with its war-fighting capabilities.

"Similarly, the earlier order sought to explore ways to promote cyber resiliency in the private sector by creating financial incentives (ie, tax breaks) to spend on cybersecurity. The signed order turns to market transparency to encourage critical infrastructure entities to properly mitigate cyber risks. This approach transfers the costs and risks of improper planning to the infrastructure owners and investors and away from the taxpayer," he added.

The buck stops there

The order means federal agency heads will be held accountable for the effective management of the cyber risk within their agencies, something that was always an implicit duty but is now an explicit responsibility. Agency bosses will be obliged to implement the National Institute of Standards and Technology (NIST) risk management framework to develop assessments and plans. According to the executive order, agencies have 90 days to report back on risks and provide strategic plans for mitigation that work within budgetary constraints.

The executive order promotes network consolidation and shared IT services – a push towards streamlining services and keeping costs down. Increased consolidation will make it easier to apply a common (hopefully more robust) security architecture. In addition, the order promotes action against networks of compromised computers or other devices (botnets).

The order lays out a roadmap toward shared services and the cloud for applications including email. Companies providing security solutions in the cloud may see an uptick in federal business as these preferences translate to projects and spending, according to industry experts.

Stephen Coty, chief security evangelist at Alert Logic in Texas, said: "This executive order is using a risk-based approach to cybersecurity for the US government and its suppliers. The order is mandating that all departments complete full technology audits and put together a plan for improvement and modernization of their current IT infrastructure.

"They identify unmitigated vulnerabilities as one of the highest risks facing the executive departments and other agencies. These known vulnerabilities that they've identified include operating systems and hardware that are beyond the vendor support lifecycle. They also include declining to implement a vendor recommendation on patching and configuration guidance. All agency heads will be held accountable by the President for implementing these risk management measures."

Next page: Ch-ch-ch-ch-changes

Keep Reading

Trump fires cybersecurity boss Chris Krebs for doing his job: Securing the election and telling the truth about it

Terminated by presidential tweet that piled on the baseless election-rigging allegations CISA director sought to counter

Donald Trump thought-bubbles an Alibaba ban as Chinese clouds clam up about Clean Cloud plan

President says ‘other’ Chinese companies could feel the ban-hammer

Former HP CEO and Republican Meg Whitman – who split HP with mixed success – says Donald Trump can't run a business

Vows to vote for Democrat Joe Biden instead - as will ex-HP chief Carly Fiorina

Dutch officials say Donald Trump really did protect his Twitter account with MAGA2020! password

And no, we’re not going to prosecute the bloke who found out

Microsoft confirms pursuit of TikTok after Satya Nadella chats to Donald Trump

‘Appreciates President Trump’s personal involvement’ and promises so much security, you’ll be tired of securing

Three middle-aged Dutch hackers slipped into Donald Trump's Twitter account days before 2016 US election

The Orange One was using a password breached four years previously

Trump administration says Russia behind SolarWinds hack. Trump himself begs to differ

Microsoft’s analysis of hack suggests someone else had a crack at SolarWinds in 2019 when next-level 'DLL hell' followed likely developer pipeline compromise

One man is standing up to Donald Trump's ban on US chip tech going to Huawei. That man... is Donald Trump

President slams his own administration's 'ridiculous' China crackdown

Biting the hand that feeds IT © 1998–2021