The latest leaked draft of President Donald Trump’s cybersecurity executive order emphasizes the need for the entire executive branch to compare the standing of the United States’ cybersecurity capabilities with the capabilities of the rest of the world.
Under the new order, each agency head is required to use the Framework for Improving Critical Infrastructure Cybersecurity, or any successor document, developed by the National Institute of Standards and Technology to manage the agency’s cybersecurity risk.
The president asked executives to draft several reports, which can be used to compare these factors.
- Each agency head will provide a risk management report to the secretary of Homeland Security and the director of the Office of Management and Budget within 90 days of the date of this order. Then the secretary of DHS, secretary of Commerce, the director of OMB, and the administrator of General Services will report to the president on how to secure the executive branch’s networks. Reed Cordish, assistant to the president for Intragovernmental and Technology Initiatives, will coordinate a report to the president from these executives regarding modernization of IT. Agency heads are required to show preference in their procurement for shared IT services to the extent permitted by law, including email, cloud, and cybersecurity services.
- The secretary of Defense and the director of national intelligence will be in charge of IT modernization for national security networks.
- The secretary of Homeland Security, the secretary of Defense, the attorney general, the director of National Intelligence, and the FBI director are tasked with leading the efforts to secure the nation’s critical infrastructure. They will provide a report to the president, which will state a plan for how to secure these networks within 180 days of the executive order.
- The secretary of DHS will examine the efficacy of the existing cybersecurity policies and make recommendations for any changes that need to be made.
- The secretaries of Commerce and Homeland Security will consult with the secretary of Defense, the attorney general, the director of the FBI, the chairs of the Federal Communications Commission and Federal Trade Commission, and other interested agency heads, about how to combat automated cybersecurity attacks such as denial of service attacks, and will submit a publicly available report within 240 days.
- Within 90 days of the date of this order, the secretaries of State, Treasury, Commerce, Homeland Security, and Defense, the attorney general, and the United States trade representative, in coordination with the director of national intelligence, shall jointly submit a report on the nation’s options for deterring adversaries and better protecting the American people from cyber threats.
- The secretary of State will be required to submit a report on international cybersecurity policy priorities.
- The secretaries of Commerce and Homeland Security, in consultation with the secretaries of Defense, Education, and Labor, the director of the Office of Personnel Management, and other executive branch agencies identified by the secretaries of Commerce and Homeland Security, will address the state of education of the cybersecurity workforce and present a report to the president within 120 days.
- The director of national intelligence will submit a report to the president on the education of the international cybersecurity workforce within 60 days.
- The secretary of Defense, in coordination with the secretaries of Homeland Security and Commerce, will write a report on the scope and sufficiency of U.S. efforts to ensure U.S. national security-related cyber capability advantage within 150 days of the order.