On May 11, US President Donald Trump signed an executive order to boost the country’s cyber defences in an effort to safeguard data and protect the economy. The order states that government agencies must install better safeguards on information that is held in their computer systems, and that new firewalls should be built around the nation’s critical infrastructure, such as power stations. It also requires federal agencies to adopt a centralised cloud-based framework that is designed by the National Institute of Standards and Technology (NIST) and tasks them with preparing a report on how this can be implemented.
The order was due to be signed on January 31, but was postponed without explanation. It represents the new President’s first major move on digital security, which has been a growing headache for administrators over the past few years in the wake of several huge attacks on flimsy government systems.
“Risk management decisions made by agency heads can affect the risk to the executive branch as a whole… effective risk management requires agency heads to lead integrated teams of senior executives with expertise in IT, security, budgeting, acquisition, law, privacy and human resources”, the order reads.
The new measures are firmer than previous efforts to combat cyber threats. By placing the onus of security on the leaders of government agencies, the order may reduce buck-passing between department leaders and their IT staff when breaches occur.
Although the Obama administration did make moves to boost the government’s resilience to attacks, public systems remain notoriously vulnerable. For example, in June 2015, the Office of Personnel Management disclosed that a year-long security breach had exposed 20 million personnel files to hackers. Under Obama, private firms were also encouraged to voluntarily join the NIST framework in order to bolster their defences, yet the uptake was disappointing. Trump’s new order keeps their membership voluntary, yet makes it mandatory for public agencies.
In part, the measures are a step towards safeguarding the US against attacks from malicious parties, such as last year’s huge DDoS attack that temporarily brought down internet services in parts of the country. More significantly, they are also designed to boost national security amid rising fears of foreign interference. Hostile foreign governments, most notably Russia and China, have long been engaged in cyber warfare against the US. Security agencies recently alleged that Russian hacking had influenced the outcome of the US election last year. As such, the order is part of a wider shift within the US Government to counteract this growing trend. On the same day as the order was introduced, the leaders of five intelligence departments, including the FBI, told the Senate Intelligence Committee that they were reviewing their use of Kaspersky Labs security software, citing a lack of trust in the Russian-made platform.