P resident Donald Trump on Thursday signed a long-delayed cybersecurity executive order that launches sweeping reviews of the federal government’s digital vulnerabilities and directs agencies to adopt specific security practices.
The directive is Trump’s first major action on cyber policy and sets the stage for the administration’s efforts to secure porous federal networks that have been repeatedly infiltrated by digital pranksters, cyber thieves and government-backed hackers from China and Russia.
“The trend is going in the wrong direction in cyberspace, and it’s time to stop that trend and reverse it on behalf of the American people,” White House Homeland Security Adviser Tom Bossert told reporters during a Thursday afternoon briefing.
Cyber specialists say the order breaks little new ground but is vastly improved over early drafts, which omitted input from key government policy specialists. The final version, cyber watchers say, essentially reaffirms the gradually emerging cyber policy path of the past two administrations.
But Bossert said that while the Obama administration made “a lot of progress” on cyber, that it didn’t do “nearly enough.”
The executive order creates a bevy of reviews, including an assessment of the cyber risks at every agency. The executive fiat also orders a review of current efforts to protect vital infrastructure like power plants and hospitals, as well as a report on building the cyber workforce, which is facing significant shortages of well-trained employees.
As part of the executive order’s IT upgrade initiative, administration officials will study the feasibility of transitioning to shared IT services and networks across the government. An estimated 80 percent of the $80 billion federal IT budget goes toward taking care of aging systems.
If the government doesn’t start to use joint IT services — such as cloud computing — Bossert said “we’re going to be behind the eight-ball for a long time.”
Senior Trump adviser Jared Kushner’s Office of American Innovation will play a significant role in the federal IT modernization effort. Earlier this month, Trump signed an executive order creating the American Technology Council, with Kushner as director, to help coordinate that effort.
A senior administration official told reporters in a background briefing that the tech council would have “the responsibility for managing” the “very difficult implementation process” of modernizing federal IT systems.
Thursday’s signing is the most concrete step Trump has taken to follow through on the numerous vows he made during the campaign and after his November victory regarding cybersecurity.
Once an obscure technical issue far from the political spotlight, cybersecurity has slowly gained prominence in recent years as digital crooks and cyber spies breached major companies like Target and Sony, as well as federal agencies like the Office of Personnel Management, which houses sensitive background check forms.
Trump has also been under pressure to take action after suspected Russian-backed hackers rattled the 2016 presidential election, infiltrating Hillary Clinton’s campaign and strategically leaking documents in what U.S. intelligence officials believe was an attempt to help install Trump in the Oval Office. The FBI is currently conducting an investigation into whether Trump aides coordinated with Moscow at all on the interference campaign.
During the transition between administrations, Trump vowed to get to the bottom of Russia’s alleged digital assault. But so far, Trump has failed to put together a promised team to investigate the hacking, and he has repeatedly suggested that parties other than Moscow may have been responsible.
Trump has also come under fire from both Democrats and some Republicans for his decision to fire FBI Director James Comey earlier this week amid the bureau’s ongoing counterintelligence investigation into whether the Trump campaign colluded at all with the Kremlin on its 2016 hacking operation.
But Thursday’s executive order — which comes as the White House tries to contain the fallout from Comey’s dismissal — does not address Russia’s election-year meddling.
Instead, it follows through on Trump’s campaign promises to examine the digital defenses protecting both the government and private sector, and to establish a plan for better locking down networks that have often left treasure troves of data exposed to hackers.