President Donald Trump on Thursday signed a long-delayed cybersecurity executive order that launches sweeping reviews of the federal government’s digital vulnerabilities and directs agencies to adopt specific security practices.
The directive is Trump’s first major action on cyber policy and sets the stage for the administration’s efforts to secure porous federal networks that have been repeatedly infiltrated by digital pranksters, cyber thieves and government-backed hackers from China and Russia.
“The trend is going in the wrong direction in cyberspace, and it’s time to stop that trend and reverse it on behalf of the American people,” White House Homeland Security Adviser Tom Bossert told reporters during a Thursday afternoon briefing.
Cyber specialists say the order breaks little new ground but is vastly improved over early drafts, which omitted input from key government policy specialists. The final version, cyber watchers say, essentially reaffirms the gradually emerging cyber policy path of the past two administrations.
But Bossert said that while the Obama administration made “a lot of progress” on cyber, that it didn’t do “nearly enough.”
As POLITICO first reported in late April, the executive order creates a bevy of reviews, including an assessment of the cyber risks at every agency. The executive fiat also orders a review of current efforts to protect vital infrastructure like power plants and hospitals, as well as a report on building the cyber workforce, which is facing significant shortages of well-trained employees.
As part of the executive order’s IT upgrade initiative, administration officials will study the feasibility of transitioning to shared IT services and networks across the government. An estimated 80 percent of the $80 billion federal IT budget goes toward taking care of aging systems.
If the government doesn’t start to use joint IT services — such as cloud computing — Bossert said “we’re going to be behind the eight-ball for a long time.”