President Trump is expected to sign soon Executive Order on Strengthening U.S. Cyber Security and Capabilities. Reports about a “leaked draft” of the Executive Order on Cybersecurity surfaced on the Internet a few days ago, along with predictions that the Order will be signed on January 31. The Order is yet to be signed and the publicized draft may undergo some changes. The available draft orders three reviews:
- Review of Cyber Vulnerabilities, which asks, within 60 days of the date of the Order, for a report of initial recommendations for the enhanced protection of the most critical civilian Federal Government, public, and private sector infrastructure.
- Review of Cyber Adversaries, which asks, within 60 days of the date of the Order, for a first report on the identities, capabilities, and vulnerabilities of the principal U.S. cyber adversaries.
- U.S. Cyber Capabilities Review, which asks for identification of an initial set of capabilities needing improvement to adequately protect U.S. critical infrastructure, based on the results of the other two Reviews. As part of this review, the Secretary of Defense and Secretary of Homeland Security are directed to gather and review information from the Department of Education “regarding computer science, mathematics, and cyber security education from primary through higher education to understand the full scope of U.S. efforts to educate and train the workforce of the future.” The Secretary of Defense is also directed to make recommendations “in order to best position the U.S. educational system to maintain its competitive advantage into the future.”
The Order also asks for a “Private Sector Infrastructure Incentives Report,” within 100 days of the date of the Order, from the Secretary of Commerce to the President, outlining “options to incentivize private sector adoption of effective cyber security measures.”
Recently, President Trump held a meeting on cybersecurity at the White House. During the meeting, President Trump stated:
I will hold my Cabinet Secretaries and agency heads accountable, totally accountable, for the cybersecurity of their organizations. … We must defend and protect federal networks and data. We operate these networks on behalf of the American people, and they are very important and very sacred. … We will empower these agencies to modernize their IT systems for better security and other reasons. We will protect our critical infrastructure, such as power plants and electrical grids. … We must work with private sector, private sector is way ahead of government in this case, to ensure that owners and operators of critical infrastructure have the support they need from the federal government to defend against cyber treats.”
During the meeting, President Trump introduced Rudy Giuliani as his cybersecurity advisor. Mr. Giuliani commended President Trump on keeping his campaign promises to improve national cybersecurity. Mr. Giuliani agreed with President Trump on the need for collaboration between the government and the private sector and stated that the U.S. private sector “is wide open to hacking and sometimes by hacking the private sector you can get into government, so we can’t do this separately.”
Mr. Giuliani stated that the administration would benefit from consulting the private sector regarding the cybersecurity problems and solutions the private sectors has, in order to effectively address national security and the growing cyber theft problem. Mr. Giuliani also stated that while some of the private sector is adequately responding to cyber threats, a part of the private sectors need to “wake up” to the fact that they need to do more in terms of cybersecurity.
It is clear that the new administration plans to actively pursue its cybersecurity goals and to focus on growing a partnership between the private sector and the government to improve cybersecurity across the board.