Governance & Risk Management

Report: Trump to Call for Cybersecurity Review

Pending Executive Order Spells Out Timeline for Action
Report: Trump to Call for Cybersecurity Review
President Donald Trump. Photo: Michael Vadon (Creative Commons)

(Editor's Note: On Jan. 31, President Trump delayed the planned signing of a revised version of his executive order on cybersecurity.)

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

President Trump is reportedly preparing to issue an executive order calling for a review of the nation's cybersecurity capabilities and vulnerabilities.

The Washington Post on Jan. 26 reported that it had obtained a copy of a "pending" Trump executive order titled "Strengthening U.S. Cybersecurity and Capabilities."

The pending order, as published by the newspaper, notes: "The United States is committed to: ensuring the long-term strength of the nation in cyberspace; preserving the ability of the U.S. to decisively shape cyberspace relative to other international, state, and non-state actors; employing the full spectrum of our capabilities to defend U.S. interests in cyberspace; and identifying, disrupting and defeating malicious cyber actors."

Review Tasks

The pending order calls for "a review of the most critical U.S. cyber vulnerabilities" to commence immediately and be conducted within 60 days of the signing of the order. The review is to include recommendations by the Department of Defense for national security systems as well as recommendations by the Department of Homeland Security for "the enhanced protection of the most critical civilian federal government, public and private sector infrastructure."

The Secretary of Defense will co-chair the vulnerabilities review with the Secretary of Homeland Security, the Director of National Intelligence, the Assistant to the President for National Security Affairs, and the Assistant to the President for Homeland Security and Counterterrorism, the pending order says.

During that same 60-day time frame, the pending order also calls for a review of the identities, capabilities and vulnerabilities of the principal U.S. cyber adversaries.

It also calls for identifying an "initial set of capabilities needing improvement to adequately protect U.S. critical infrastructure."

"The capabilities review's recommendations shall include steps to ensure that the responsible agencies are appropriately organized, tasked and resourced, and provided with adequate legal authority necessary to fulfill their missions," the pending order states.

In addition, the pending order calls for a "workforce development review" to assess "U.S. efforts to educate and train the workforce of the future. The Secretary of Defense shall make recommendations as he sees fit in order to best position the U.S. educational system to maintain its competitive advantage into the future."

Plus, the order calls for preparing a report within 100 days on options "to incentivize private sector adoption of effective cybersecurity measures."

Initial Reaction

Cyber intelligence expert Tom Kellerman offered a harsh assessment of the draft order, telling Information Security Media Group: "Frankly it is a mandate for an assessment of already known realities. There is no strategic action recommended beyond assessing the state of play and the gaps in security as they exist now. I would prefer that the administration take the bipartisan Commission on Cybersecurity's recommendations to heart." (See: Task Force Issues Cybersecurity Advice to Donald Trump)

Kellerman, CEO of venture capital firm Strategic Cyber Ventures, served on the Commission on Cyber Security for the 44th President of the United States. He called on the president to take specific steps, including appointing a cybersecurity ambassador, mandating that 20 percent of federal IT spending be allocated to cybersecurity and establishing a "superfund" for cybersecurity devoted to "critical infrastructure protection in cyberspace."

(News Editor Howard Anderson contributed to this story.)

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.