To put it bluntly, Congress is famously stingy when it comes to spending money for the Executive Branch unless it somehow benefits each member’s district.
What’s also notable is that the revised EO, while more complete than the first version, still doesn’t really address a full cyber-security picture. For example, there’s no discussion of staff qualification or training so that existing staffers can be up to speed on current cyber-security practices.
Considering that the White House has frozen all federal hiring with few exceptions, most departments and agencies will have no way to hire experienced security personnel, which means that they must train the personnel they already have.
Likewise, the cyber-security EO, assuming it survives relatively intact, does not address the vast array of equipment the government already has. What’s going to happen to this gear? It can’t just be dumped on the surplus market, if only because much of it contains sensitive or classified information.
While the EO focuses heavily on keeping internet-borne hackers out of U.S. networks, it doesn’t really address threats coming from other directions. “There’s a major disconnect in where data gets out,” Sadeghi said. “They’re focusing on hacks through the web, but a much bigger risk is with devices that are obsolete and being taken off line. A data breach will involve this aspect of data security.”
The problem is that a great deal of equipment contains data, and a lot of it isn’t obvious. Some things such as hard disk drives are obvious. But surprisingly few IT managers or CISOs realize that everything from copiers to fax machines to network switches and firewalls also retain data, and that data can be recovered by attackers and used.
“They need to specifically have verbiage that addresses end of life for IT equipment that contains data,” he said. Sadeghi also said that the emergence of internet of things devices within the government will only exacerbate the problem with data retained in obsolete devices, because most of these devices contain data and so does the network equipment they use for communications.
If there’s a bright point, it’s that the cyber-security EO is still just a draft. Potentially, it can be changed to be more complete. Considering that it looks as though the existing draft went through the hands of someone who knew what they were doing, perhaps it’s not too late for a more comprehensive draft to become the final executive order that the president signs.
Originally published on eWeek