EO on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

President Trump's "Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure" is a significant EO. Someone is finally taking Cybersecurity seriously. So many complain, yet nothing seems to be done about it.

The EO discusses improvements to the Nations' Internet infrastructure, protection of the power grid, replacement of antiquated IT systems in federal government, protection against cyber threats, risk management, etc.

If Obama had done this 8 years ago, maybe we would not be getting hacked by countries like Russia.

These seems like important parts:

examines the sufficiency of existing Federal policies and practices to promote appropriate market transparency of cybersecurity risk management practices by critical infrastructure entities

and

jointly lead an open and transparent process to identify and promote action by appropriate stakeholders to improve the resilience of the internet and communications ecosystem and to encourage collaboration with the goal of dramatically reducing threats perpetrated by automated and distributed attacks

That might be targeting what we have found out about the CIA not telling companies about vulnerabilities that they detected in their systems.

Section 1. Cybersecurity of Federal Networks.

(a) Policy. The executive branch operates its information technology (IT) on behalf of the American people. Its IT and data should be secured responsibly using all United States Government capabilities. The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises. In addition, because risk management decisions made by agency heads can affect the risk to the executive branch as a whole, and to national security, it is also the policy of the United States to manage cybersecurity risk as an executive branch enterprise.
...
Sec. 2. Cybersecurity of Critical Infrastructure.

(a) Policy. It is the policy of the executive branch to use its authorities and capabilities to support the cybersecurity risk management efforts of the owners and operators of the Nation's critical infrastructure (as defined in section 5195c(e) of title 42, United States Code) (critical infrastructure entities), as appropriate.

(b) Support to Critical Infrastructure at Greatest Risk. The Secretary of Homeland Security, in coordination with the Secretary of Defense, the Attorney General, the Director of National Intelligence, the Director of the Federal Bureau of Investigation, the heads of appropriate sector-specific agencies, as defined in Presidential Policy Directive 21 of February 12, 2013 (Critical Infrastructure Security and Resilience) (sector-specific agencies), and all other appropriate agency heads, as identified by the Secretary of Homeland Security, shall:
...
Sec. 3. Cybersecurity for the Nation.

(a) Policy. To ensure that the internet remains valuable for future generations, it is the policy of the executive branch to promote an open, interoperable, reliable, and secure internet that fosters efficiency, innovation, communication, and economic prosperity, while respecting privacy and guarding against disruption, fraud, and theft. Further, the United States seeks to support the growth and sustainment of a workforce that is skilled in cybersecurity and related fields as the foundation for achieving our objectives in cyberspace.

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

This EO from May 1 is on a related subject:

Presidential Executive Order on the Establishment of the American Technology Council

Section 1. Policy. It is the policy of the United States to promote the secure, efficient, and economical use of information technology to achieve its missions. Americans deserve better digital services from their Government. To effectuate this policy, the Federal Government must transform and modernize its information technology and how it uses and delivers digital services.

Improvements in technology will improve cybersecurity.

Ut oh Trump did something again.

Initiate partisan bickering in 3.. 2.. 1.........

a reply to: BlueAjah

Obama didn't have time to take care of America because he was busy using the spying agencies to spy on other political figures, candidates that went against the democrats and American citizens

He is the reason the spying agencies became one of the most corrupted in America history right now.

But hell no, Trump is a dictator, remember, he wants to control the FBI now.

Darn I guess he will never be a president under the eyes of whatever have become of the Democrats this days.

a reply to: BlueAjah

Is about time, we are letting other emerging countries take a foot hold on technology, to the point that we have to import the technology and those that works on it from oversea.

What a joke, a nation can not keep his status of superpower when it depend on foreigners for its needs.

Is a darn time.

a reply to: marg6043

That's a very good point. Most of our technology comes from overseas. That does put us at a significant disadvantage. We are a dependent country. I hope that changes.

It's just a matter of time until the Government controls the internet. 1984 is just around the corner.

Be careful what you wish for....

I definitely back this up. With china engaging in a number of cyber theft, we need to step up our cyber security infrastructure.

Right now, there is a new arms race in the fight to attain Quantum Computers, this would effectively end cyber theft, but open up a whole new can of worms.

a reply to: olaru12

*rolls eyes*

You need to get out more.

originally posted by: BlueAjah
This EO from May 1 is on a related subject:

Presidential Executive Order on the Establishment of the American Technology Council

Section 1. Policy. It is the policy of the United States to promote the secure, efficient, and economical use of information technology to achieve its missions. Americans deserve better digital services from their Government. To effectuate this policy, the Federal Government must transform and modernize its information technology and how it uses and delivers digital services.

Improvements in technology will improve cybersecurity.

On what budget?? There's nothing in there about upgrading computer systems or technology. A full upgrade of all machines and networks is not going to be cheap -- and I remember reading a number of years ago that many departments were rumbling along with fairly old computers.

How are departments to upgrade their systems and make sure they've got reliable network admins with a budget cut?

This is just more Handwavium By Executive Order. Anyone here who's gone through a "my company is upgrading their computer systems" will tell you that it takes quite a long time (unless you're a two-person compay) and usually causes all sorts of unexpected issues because they will have to upgrade software licenses as well.

originally posted by: Arnie123
a reply to: olaru12

*rolls eyes*

You need to get out more.

I've gotten out enough to know this EO binge is just a transparent attempt to try and change the narrative away from Russiagate. The IC will continue and bring about a special counsel.

I worked for the GOP and still have a few contacts. The WH is leaking like the proverbial sieve. Trump can write all the EOs he wants but until he gains control of his own party; It's just more twitterbitch BS.

a reply to: Byrd

They should have been doing this all along. Then they would not have gotten so far behind. Any responsible company would do so.
Old systems are vulnerable.
If people are going to complain about Russia hacks, then they need to be willing to do what needs to be done to fix it.

Departments can trim the fluff in other areas to cover this important use of resources.

a reply to: Byrd

Also, from today's White House press briefing:

Homeland Security Advisor Tom Bossert said:

One of the block-and-tackle things that he directed us to do before the executive order was to get the money right. He’s picked a Cabinet full of people that know that business operations and business functions have to follow first so that you can then provide policy that he can implement -- right? So policy sets direction and vision, but if you don't have the right money and back-office infrastructure and so forth to implement those things, then you have to either change your vision or change your amount of money.
...
And then, lastly, in between now and then, the President’s FY18 budget allocated $319 million to DHS’s cybersecurity budget alone. We have dedicated an increase of $1.5 billion across all departments involved in protective cyberspace.

So, from my perspective, both his first budget request and his future ones have right-sized and aligned that amount of money, keeping America safe. And that might answer all three components of your question.

a reply to: BlueAjah


The Democrat mainstream media is not covering this Executive Order because Democrats don't really care if countries try to hack into our election systems. That's just FAKE concern on their part. MSM and Democrats are obsessed with the possibility that collusion affected the 2016 election...not hacking.

a reply to: carewemust

Exactly.

The ironic thing is that the Russian "interference", if that is what it was, was actually only revealing the truth to the American people.

Also, Clapper said in testimony that the Russians have been attempting to interfere in the elections of the US and other countries for decades.
It is not like all of a sudden they decided to help Trump, or that Trump had anything to do with it.

In an interview on TV last night, they said that the true FBI investigation has nothing to do with Trump or top level Trump aides. It is supposedly about 5 normal Americans who were compromised by Russian spies. Meaning, the persons were not even aware that they were dealing with Russians.

originally posted by: BlueAjah
a reply to: Byrd

Also, from today's White House press briefing:

Homeland Security Advisor Tom Bossert said:

One of the block-and-tackle things that he directed us to do before the executive order was to get the money right. He’s picked a Cabinet full of people that know that business operations and business functions have to follow first so that you can then provide policy that he can implement -- right? So policy sets direction and vision, but if you don't have the right money and back-office infrastructure and so forth to implement those things, then you have to either change your vision or change your amount of money.
...
And then, lastly, in between now and then, the President’s FY18 budget allocated $319 million to DHS’s cybersecurity budget alone. We have dedicated an increase of $1.5 billion across all departments involved in protective cyberspace.

So, from my perspective, both his first budget request and his future ones have right-sized and aligned that amount of money, keeping America safe. And that might answer all three components of your question.

That'd be about the right amount of money (if it gets through) -- but the budget didn't seem to include much of a raise in funds (many departments are cut)

But let me speak from experience that business people are the WRONG ones to have advising on tech and security. I've lived through any number of bad tech decisions made by my bosses and their higher ups who ignored what I told them and later found out that I was right. And, if you'll recall, Trump's cybersecurity advisor during the campaign (Giuliani) had his cybersecurity website hacked and didn't notice it until the press called attention to it.

Sources

www.alternet.org...

www.channel4.com...

www.blackenterprise.com...


And finally, to address what you and CareWeMust said, the mainstream media (liberal as well as conservative) did indeed carry the story, though if you don't read many news sources you may not have realized this. I read from aggregators, so I get both conservative and liberal and even foreign sources.

www.forbes.com...

www.csoonline.com...

www.politico.com...

thehill.com...

...and then the Geek Media weighs in and finds it a bit wanting

techinamerica.com...

www.securityweek.com... (warning - annoying popup ads here)

www.techspot.com... ("Mostly demands a lot of report writing")

Heck, even entertainment sites carried the news

www.planetrock.com...

...etc.

So, yes, they covered it (I did not add the Snopes coverage and op-eds on it and I just linked only the first page of results. I always use news.google.com as my aggregator, which returns both domestic and foreign news and from liberal, conservative, and centrist media.

originally posted by: Byrd

originally posted by: BlueAjah
a reply to: Byrd

Also, from today's White House press briefing:

Homeland Security Advisor Tom Bossert said:

One of the block-and-tackle things that he directed us to do before the executive order was to get the money right. He’s picked a Cabinet full of people that know that business operations and business functions have to follow first so that you can then provide policy that he can implement -- right? So policy sets direction and vision, but if you don't have the right money and back-office infrastructure and so forth to implement those things, then you have to either change your vision or change your amount of money.
...
And then, lastly, in between now and then, the President’s FY18 budget allocated $319 million to DHS’s cybersecurity budget alone. We have dedicated an increase of $1.5 billion across all departments involved in protective cyberspace.

So, from my perspective, both his first budget request and his future ones have right-sized and aligned that amount of money, keeping America safe. And that might answer all three components of your question.

That'd be about the right amount of money (if it gets through) -- but the budget didn't seem to include much of a raise in funds (many departments are cut)

But let me speak from experience that business people are the WRONG ones to have advising on tech and security. I've lived through any number of bad tech decisions made by my bosses and their higher ups who ignored what I told them and later found out that I was right. And, if you'll recall, Trump's cybersecurity advisor during the campaign (Giuliani) had his cybersecurity website hacked and didn't notice it until the press called attention to it.
...

I am sure that Trump has the resources to get recommendations from tech people when making these types of decisions. Everything in the EO makes sense to me.

I do know what you mean about business people though
I have been there.
...like when you have to explain to an executive why you need a firewall AND virus protection. (I was really asked that when getting a budget approved.)

My head almost exploded when a different executive said that he thinks we have too many passwords, and why do we need passwords within the company anyway, and he wanted to have a meeting to discuss it... all because he could not remember 3 passwords (one of which was for a login on a publicly available server) and had to constantly call for resets. He actually said "if someone wants to get into something they will anyway, so why do we need passwords". Of course I went to someone above and said that no IT person in their right mind is going to take responsibility for a network with no user security.

originally posted by: BlueAjah
I am sure that Trump has the resources to get recommendations from tech people when making these types of decisions. Everything in the EO makes sense to me.

Yes and no. What tech people are saying, and what business people hear, are often two totally different things.

I would be very surprised if we actually take it seriously. It wasn't until Obama got into office that the White House had computers made after 1985 in it.

Trumps cyber security guy couldn't even tell you the differences in something simple like AES, RSA, SHA, or how long we can expect 256 bit vs 512 bit encryption to remain secure for. Why should anything he says on the subject be trusted, when he knows less about cyber security than you learn in the first week of a class on the subject?