White House Issues Cybersecurity Order


On May 11, 2017, U.S. President Donald Trump signed an executive order to enhance government’s cybersecurity and protect the nation’s critical infrastructure from cyberattacks, which have become the top priority. The executive order implements both a review of cybersecurity on the part of federal agencies and a strengthens critical infrastructure.

The order seeks to improve the network security of U.S. government agencies, from which foreign governments and other hackers have accessed millions of personal records and other forms of sensitive data in recent years. The White House said the order also aimed to enhance protection of critical infrastructure, such as the energy grid and financial sector, from sophisticated attacks that could pose a national security threat or cripple parts of the economy.

Under the order, heads of federal agencies must use a framework developed by the National Institute of Standards and Technology (NIST) to assess and manage cyber risk, and prepare a report within 90 days documenting how they will implement it. The Obama administration had previously encouraged the private sector to adopt the voluntary NIST framework, however, government agencies were not required to do so, which often made them vulnerable and unable to respond to major attacks, such as the theft of more than 20 million personnel records from the Office of Personnel Management.

The order includes an IT-upgrade initiative, which aims to sync information technology services and networks across government agencies. Most importantly, the administration seeks to modernize aging federal IT systems. It also urges voluntary cooperation with the private sector to develop better strategies to fend off and reduce attacks from botnets, or networks of infected devices.

The executive order makes no mention of Russia’s hacking and election interference, despite it being one of the most concerning breaches of national cybersecurity in U.S. election history.