Is Trump’s cybersecurity order merely ‘a plan to make a plan’?

12 May 2017

US president Donald Trump. Image: Action Sports Photography/Shutterstock

Following several high-profile, highly embarrassing cyberattacks in the US, President Trump has signed an order to revamp processes.

Just a few weeks before leaving office, former US president Barack Obama ordered a full review of cyberattacks and foreign interventions into US operations.

Although this investigation merely covered the most recent of stories – the presidential election that saw Donald Trump rise to power – it was perhaps indicative of how far things have gone in the US.

Leaked reports

For example, only one month before Obama’s December project began, reports emerged that the US navy had begun an investigation into how the personal data of more than 130,000 sailors was stolen.

In June 2015, the US Office of Personnel Management revealed that it had been the hit by a breach that saw 20m American citizens’ personal data compromised.

China was linked with the latter, before a Pentagon breach reported around the same time was linked to Russia. Medical giant Anthem, US Airlines and even Sony showed just how any organisation, in any area, could be hit.

With constant rumours about foreign states in each major attack, it was only a matter of time before the US president acted.

New cybersecurity order

Under the latest order, a series of checks will be put in place, with heads of agencies ultimately held accountable for many areas of cybersecurity. It is they who must implement risk management measures and update their systems.

If this sounds simple, it’s because it’s the same advice that every internet user is given: stay updated on the latest security software, and work out what you want to be accessible in certain areas of your network.

International cooperation is a point of interest in the order, with alliances the logical step for any form of security defence.

“As a highly connected nation, the US is especially dependent on a globally secure and resilient internet, and must work with allies and other partners,” reads the document.

A plan to make a plan

Heads of several agencies have 45 days to submit reports on how they will collaborate with foreign allies, what areas they will collaborate on and how they will respond to mutual threats.

“The trend is going in the wrong direction in cyberspace, and it’s time to stop that trend and reverse it on behalf of the American people,” said Tom Bossert, homeland security adviser.

However, not everyone is happy with the order, which has drawn criticism from the Information Technology and Innovation Foundation (ITIF).

“We are disappointed to see that this executive order is mostly a plan for the government to make a plan, not the private sector-led, actionable agenda that the country actually needs to address its most pressing cyber threats,” said Daniel Castro, vice-president of the ITIF.

“It is a good sign, though, that the White House included much-needed government IT modernisation and consolidation as part of the executive order.”

Donald Trump. Image: Action Sports Photography/Shutterstock

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com