adamparent - Fotolia
An executive order aimed at boosting US cyber security was not signed on schedule as president Donald Trump turned his attention to legal challenges related to his controversial orders on immigration.
The White House offered no reason for the delay, but a Trump aide told Bloomberg on condition of anonymity that Trump’s schedule had been complicated by discussions of a lawsuit by San Francisco.
City officials are challenging president Trump’s order to withhold funds from cities that protect undocumented immigrants by failing to prosecute them for violating immigration laws.
The eagerly awaited executive order is expected to make the heads of federal agencies accountable for internal IT modernisation and cyber security of their agencies.
Greater clarity on this and other cyber security issues and concerns is likely to be welcomed in the light of growing fear about cyber attacks, massive data breaches within government departments, and the more recent hacking and leaking of Democratic emails, as part of what US intelligence agencies claim was a cyber campaign aimed at influencing the outcome of the presidential election.
In a meeting with cyber security advisors, Trump reportedly said he planned to hold cabinet secretaries and agency heads “totally accountable for the cyber security of their organisations,” adding that it was “probably” not up to the required level.
Trump also plans to “empower these agencies to modernise their IT systems for better security and other uses,” spanning federal networks and data, he said.
A White House official said the agency leaders should not delegate these tasks to chief information officers, but had not given any indication yet if extra funding will be made available for cyber security improvements.
Agency heads are also expected to be directed to ensure their efforts are coordinated by working with Reed Cordish, the assistant to the president for intergovernmental affairs and technology initiatives.
The director of the Office of Management and Budget will then be tasked with managing and overseeing risk across all components in the executive branch, the White House official said.
Concerns around critical national infrastructure
The executive order is expected to address cyber security concerns around critical national infrastructure in particular.
An early draft, which appeared to confirm this, stated that agencies protecting civilian networks and infrastructure are not “currently organised to act collectively or collaboratively, tasked, or resourced, or provided with legal authority adequate to succeed in their missions.”
Relating to this, the draft orders the immediate commencement of a report on options to incentivise private sector adoption of effective cyber security measures.
The draft also states that the US is committed to employing the “full spectrum” of its capability to defend US interests in cyberspace, and to “identifying, disrupting, and defeating malicious cyber actors”.
It is widely hoped that Trump’s administration will make new investments in cyber security after a bill aimed at modernising government technology under President Obama failed to get support in the Senate despite getting the approval of the House of Representatives.
Working with the private sector to fight cyber crime
In a meeting with cyber security adviser Rudy Giuliani, Trump said that agencies need to work with the private sector, which is “way ahead of government” in cyber security capability, to make sure owners and operators “have the support they need from the federal government to defend against cyber threats,” according to NextGov.
The meeting, which may have also contributed to the delay in signing the executive order, was reportedly aimed at getting additional input from cyber experts and heads of intelligence agencies, including NSA director admiral Michael Rogers and former NSA director general Keith Alexander.
Giuliani said the private sector is “wide open to hacking, and sometimes by hacking the private sector, you get into government. So we can’t do this separately,” underlining the importance of public-private collaboration.
The White House has not yet provided a new date for the signing of the cyber security executive order.