President Donald Trump has signed a long-awaited executive order that places responsibility for cybersecurity on departmental secretaries and agency directors. The EO emphasizes the use of risk management throughout the federal government to secure digital assets.
The executive order, signed Thursday by President Trump, calls for modernizing federal information technology. Its key points are as follows.
The cybersecurity executive order calls for:
- Requiring each federal agency to use the cybersecurity framework developed by the National Institute of Standards and Technology (see NIST Cybersecurity Framework);
- Identifying federal capabilities that could be used to help companies involved in operating portions of the nation’s critical infrastructure to defend their information systems and data;
- Promoting processes to improve resilience of the internet and communications ecosystem to dramatically reduce threats perpetrated by botnets;
- Assessing incident response capabilities for disruptions of the electrical grid (infrastructure);
- Identifying cyber risks faced by the defense industry and its supply chain;
- Evaluating cybersecurity workforce education and training at all levels.
This executive order calls on the secretaries of commerce and homeland security, along with other agencies, to assess the efforts to train the American cybersecurity workforce, including cybersecurity-related education curricula, training and apprenticeship programs, from primary education all the way through higher education.
Most of the provisions within the EO are stated as directives, with agencies required to report to the office of the president within deadlines ranging from 45 to 240 days.