Cyber Security Executive Order
A new Trump administration cybersecurity executive order is expected to be signed into law, possibly as soon as today. The first draft of the cyber security executive order surfaced earlier this year and was due to be signed by President Trump then. However, the order was never enacted and no explanation for the hold-up was given.
Past federal cyber security breaches include compromised systems at the Office of Personnel Management, Internal Revenue Service, and State Department. There is little information about the new executive order, but some details have leaked from agencies that weighed in with suggestions.
Expected highlights of the new order include:
- Federal agency heads are to be held accountable for vulnerabilities in their technology systems
- Federal managers will be compelled to adopt National Institute of Standards and Technology (NIST) cyber security best practices
When the executive order is finally signed, the heads of federal agencies and executive departments are expected to be held accountable for ensuring their departments’ data is safe. Part of this new responsibility includes adopting standards from NIST. One NIST document that is expected to be included is the Framework for Improving Critical Infrastructure Cybersecurity.
The cyber security executive order also expects agency heads to address budgetary needs for cyber security in their respective departments. The obvious issue is that the US federal government’s legacy IT systems are incredibly antiquated.
In 2015, the United States Government allocated $12.5 billion towards cyber security systems. The federal budget allocation for cyber security in 2016 saw a 10% increase, at $14 billion. Any effective executive order would have to include funding to upgrade over $80 billion in outdated IT systems.