President Donald Trump signed a long-awaited executive order on Thursday (11 May) to modernise and improve the nation's cybersecurity and safeguard critical infrastructure from cyberattacks. Trump's homeland security adviser Tom Bossert said the order fulfills the president's promise to "keep America safe, including in cyberspace".
"I think the trend is going in the wrong direction in cyberspace, and it's time to stop that trend and reverse it on behalf of the American people," Bossert said during a press briefing. "We've seen increasing attacks from allies, adversaries, primarily nation states but also non-nation state actors, and sitting by and doing nothing is no longer an option."
Bossert noted that the order was not prompted by Russia's targeting of the presidential election last year.
"It wasn't a Russian-motivated issue, it was a United States of America-motivated issue," Bossert said. "The Russians are not our only adversary on the Internet and the Russians are not the only people that operate in a negative way on the Internet. The Russians, the Chinese, the Iranians, other nation states are motivated to use cyber capacity and cyber tools to attack our people and our governments and their data.
"That's something we can no longer abide. We need to establish the rules of the road for proper behavior on the Internet, but we also then need to deter those who don't want to abide by those rules."
In January, Trump promised to develop a plan to bolster the nation's cybersecurity within 90 days of taking office. However, the White House later cancelled plans to sign an executive order on cybersecurity without explanation.
The new order mandates that federal agency heads be held accountable for protecting their networks and implementing risk management measures.
"Risk management decisions made by the agency heads can affect the risk to the executive branch as a whole, and to national security," the order reads. "The executive branch has for too long accepted antiquated and difficult-to-defend IT.
"Effective risk management involves more than just protecting IT and data currently in place. It also requires planning so that maintenance, improvements and modernization occur in a coordinated way."
Trump's American Technology Council has 90 days to develop a plan to modernise federal IT systems by transitioning all or some agencies to "one or more consolidated network architectures" or "shared IT services, including email, cloud and cybersecurity services".
"We've got to move to the cloud and try to protect ourselves instead of fracturing our security posture," Bossert said. "If we don't move to shared services, we have 190 agencies all trying to develop their own defenses against advanced collection efforts."
The order calls on all federal agencies to implement cybersecurity policies set up by the National Institute of Standards and Technology.
"From this point forward, departments and agencies shall practice what we preach," Bossert said. "A lot of progress was made in the last administration, but not nearly enough."
The executive order comes amid intense scrutiny of Trump's decision to fire former FBI director James Comey, who was heading the probe into allegations of Russian meddling in the recent election and any links between Russia and Trump's campaign.
Leo Taddeo, chief information security officer of Cyxtera Technologies, told IBTimes UK that the order "implements important first steps" towards addressing the country's cybersecurity challenges.
"The Order is not a plan to fix the federal government's cybersecurity challenges," Taddeo said. "It highlights the cybersecurity issue, puts agency heads on notice that they are accountable, and directs them to assess the risk and develop plans to mitigate them. This is a solid approach.
"The question is whether agencies will be able to execute the plans within reasonable spending constraints. The best hope in the order is the emphasis on shared services as a means to increase cybersecurity and reduce spending."