Categories: CyberCrimeSecurity

White House Withholds Cyber-Security Order For Further Revision

An administration burned by the failure of its executive order on immigration to pass legal muster has held up consideration of its next big effort, which is an order on cyber-security. That executive order, something each administration has issued since the George W. Bush presidency, was withheld without explanation on the day it was supposed to be signed.

A look at the original EO as obtained by the Washington Post and the subsequent revision as obtained by Lawfare show substantial differences.

The latest version, which is still a draft, shows two things, one is a wish list from lots of people, and the other which is a more thoughtful approach by someone with actual cyber-security expertise.

The speculation as to why the order was suddenly pulled revolves around a president who was reportedly angry that the immigration order wasn’t well crafted and who wanted to make sure this one was done right.

Trump cybersecurity

The new version of the EO does several important things. First, it makes clear that each agency head and each department secretary has the ultimate accountability for cyber-security. This appears to be done to prevent those heads from passing the buck to their subordinates instead of retaining it in their own hands.

The new EO also speaks clearly about the need to modernize the U.S. government’s antiquated data systems, to keep software and systems updated and to make sure the latest security practices are followed. The order also requires full assessments of government agency’s cyber-security status and to report it to the White House. The Office of Management and Budget would receive the reports and consolidate them for the President.

It’s notable that the revised EO discusses risk management in detail and it discusses the risk of outdated systems. The draft order says, “Known but unmitigated vulnerabilities are among the highest risks faced by executive departments and agencies (agencies). Known vulnerabilities include using operating systems or hardware beyond the vendor’s support lifecycle, declining to implement a vendor’s security patch, or failing to execute security specific configuration guidance.”

The problem with the approach is that it comes from a President who continues to use an older, unsecured, Samsung Galaxy cell phone on a constant basis despite having been provided a secure smartphone like the one used by his predecessor.

Likewise there are reports widely circulating in Washington that the senior White House staff has yet to give up using their personal devices. It’s worth noting that the President’s Android phone is one of those that are vulnerable to being hacked by a single incoming text message.

Still, much of the order argues for a consistently updated federal IT infrastructure, which is something that previous administrations haven’t really tried. But the reason that approach hasn’t been tried  is the difficulty in getting Congress to pay for a comprehensive data system update.

Originally published on eWeek

Quiz: What do you know about Trump and technology?

Continues on Page 2…

Page: 1 2

Wayne Rash

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

3 hours ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

3 hours ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

4 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

4 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

5 hours ago

EU Opens TikTok Probe Over Election Interference Claims

European Commission opens formal probe into TikTok after Romanian first-round elections annulled over Russian interference…

5 hours ago