Categories: CyberCrimeSecurity

White House Withholds Cyber-Security Order For Further Revision

To put it bluntly, Congress is famously stingy when it comes to spending money for the Executive Branch unless it somehow benefits each member’s district.

What’s also notable is that the revised EO, while more complete than the first version, still doesn’t really address a full cyber-security picture. For example, there’s no discussion of staff qualification or training so that existing staffers can be up to speed on current cyber-security practices.

Considering that the White House has frozen all federal hiring with few exceptions, most departments and agencies will have no way to hire experienced security personnel, which means that they must train the personnel they already have.

Likewise, the cyber-security EO, assuming it survives relatively intact, does not address the vast array of equipment the government already has. What’s going to happen to this gear? It can’t just be dumped on the surplus market, if only because much of it contains sensitive or classified information.

What next?

“This is very typical of what you see these days,” said Arman Sadeghi, CEO of Data Destruction Corporation. “That one of the areas that’s often overlooked. It’s been happening for many years. They’ve completely left it out.”

While the EO focuses heavily on keeping internet-borne hackers out of U.S. networks, it doesn’t really address threats coming from other directions. “There’s a major disconnect in where data gets out,” Sadeghi said. “They’re focusing on hacks through the web, but a much bigger risk is with devices that are obsolete and being taken off line. A data breach will involve this aspect of data security.”

The problem is that a great deal of equipment contains data, and a lot of it isn’t obvious. Some things such as hard disk drives are obvious. But surprisingly few IT managers or CISOs realize that everything from copiers to fax machines to network switches and firewalls also retain data, and that data can be recovered by attackers and used.

“They need to specifically have verbiage that addresses end of life for IT equipment that contains data,” he said. Sadeghi also said that the emergence of internet of things devices within the government will only exacerbate the problem with data retained in obsolete devices, because most of these devices contain data and so does the network equipment they use for communications.

If there’s a bright point, it’s that the cyber-security EO is still just a draft. Potentially, it can be changed to be more complete. Considering that it looks as though existing draft went through the hands of someone who knew what they were doing, perhaps it’s not too late for a more comprehensive draft to become the final executive order that the president signs.

Originally published on eWeek

Quiz: What do you know about Trump and technology?

Page: 1 2

Wayne Rash

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.

Recent Posts

China Chip Growth Slows As US Targets Legacy Chips

Growth in China's output of integrated circuits slows in November as Biden administration reportedly launches…

3 hours ago

Meta Adds ‘Live AI’ To Ray-Ban Smart Glasses

Facebook parent Meta adds AI voice chat, live translation to Ray-Ban Meta smart glasses as…

1 day ago

US Senate Criticises Amazon Over Warehouse Safety

Senate study finds Amazon did not implement protections recommended by internal studies over risk they…

1 day ago

US Lawmaker Calls For Drone Detection Tech After Runway Closure

US senate majority leader calls for federal deployment of drone detection technology after drone sightings…

1 day ago

TikTok Shop US Sales Surpass Shein, Sephora

After launching in September 2023, TikTok Shop rises to broad popularity with US sales surpassing…

1 day ago

China Chip Investment Plummets Amidst US Restrictions

Investment in China's semiconductor industry falls by one-third this year as US tightens restrictions, state…

1 day ago