Trump’s Executive Order on Cyber Security: What to Expect

Brook Zimmatore | February 6, 2017

If you haven’t been hearing about Trump’s executive orders lately, you may be part ostrich and have your head in the sand.  But while newscrawls have focused on immigration, another executive action has been discussed in the world of cybersecurity.

Trump’s team has named cyber security one of their top priority issues.  He was expected to sign an executive order on cyber security this week.  That didn’t happen.

Chances are, there will be some minor revisions before this executive order gets issued, which would explain the delay.  Still, there are some critical and strong components that will likely remain intact.

Ordering an Enemy Analysis

One part of the executive order, which will likely remain intact, orders an analysis of this nation’s top cyber enemies.  During the election there was talk of Russian interference.  When Sony pictures got hacked some experts believed it was North Korea.

Individual actors, independent teams, and nation teams have all been responsible for various cyber attacks in recent months and years.  Trump’s team wants a thorough analysis of cyber threat intelligence stat.

One piece that may change: the original draft of the executive order gave only 60 days for this analysis.  A revision of the timeline may occur before the executive order gets signed.

Ordering an Internal Assessment

Another big news item this past year was the hack of the Office of Personnel Management (OPM), the inter-agency personnel records office that keeps such sensitive data as names, addresses and social security numbers of government employees.  That attack was also noteworthy because it wasn’t particularly sophisticated, yet it stole thousands of records.

Perhaps in response to that attack and other threats, Trump’s proposed executive order demands an internal assessment of the “civilian Federal Government, public and private sector infrastructure,” as well as demanding recommendations for the organizations, tasks and resources of government agencies to “fulfill their missions.”

In layman’s terms, that means that all government agencies, such as the NSA, CIA, Department of Homeland Security (DHS) and others would have 60 days to assess their infrastructure and report on weaknesses.  Trump’s team also wants to make each agency completely responsible for their own cybersecurity, with reporting going to the White House of compliance.

Various computer systems and protection devices throughout government agencies are notoriously dated.  For example, the perimeter protection OPM had in place when it was hacked was more than a dozen years old.  Cyber years work kind of like dog years: multiply that number by 7 and you have its equivalent age.

Again, the time frame may get revision, but expect these demands to remain part of the executive order.

Calling for Incentives

Government incentives over the years have encouraged all kinds of innovation.  For example, incentives in alternative powers have led to widespread creation of electric cars and solar power.

So, in this executive order, Trump calls for a report on how to incentivize the private sector to improve security protections, via the Secretary of Commerce.

This part of the executive order will likely remain intact: without private corporations also taking it upon themselves to adopt effective cyber security measures, the United States is still vulnerable.  Hackers go after the “big fish” like Target, Home Depot and other US brands, and a chain is only as strong as its weakest link: all up and down the supply line in the private sector, increased cyber security measures are overdue.

Ordering Educational Coordination

One interesting part of the executive order has to do with the future of cyber security: how is the educational system preparing American youth in the subjects of computer science, mathematics and cyber security?

The answer, for the most part at this time, is likely, “not very well.”  In order for the United States to keep up with other state actors on the cyber playing field, the executive order calls for recommendations to “best position the US education system to maintain its competitive advantage in the future.”

While America’s youth certainly know how to use a smart phone or text with emoji’s, they may not be getting educated about the code behind such devices that hackers use to infiltrate those same devices.  For our educational system to keep up with others around the globe, computer science will likely need to become a mandatory subject, with computer languages possibly becoming the new “foreign language requirements” for college-bound seniors.

There’s another incentive for cyber education as well: there are thousands of unfilled cyber security jobs in this country, and that number is expected to continue to grow.  So, for those young people educated to work in cybersecurity, looks like they will also have job security.

That part of Trump’s executive order is likely to remain, though it’s possible it will be revised to include even stronger language, demanding that America’s youth get educated to understand technology and level the global playing field.

Of course, at this time this is all speculation.  Stay tuned to our newsfeed to see what becomes of the Trump administration’s cyber demands.

Brook Zimmatore
CEO / Co-Founder
Brook Zimmatore is the Co-Founder & CEO at Massive. You can reach him directly at bz[at]massivealliance.com.