President Donald Trump has signed an executive order on cybersecurity as a response to the WannaCry ransomware attack. The executive order is entitled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” It contains three main sections and a fourth that defines some of the terms used in the order.
The first section of the executive order concerns Cybersecurity of Federal Networks. This section states that the United States Government should responsibly secure its information technology (IT) and data. The President said that he will also be holding the heads of executive departments and agencies accountable for managing cybersecurity risk to their enterprises. One of the findings included in this first section is that the executive branch has been too accepting of IT that is antiquated and difficult to defend. To manage these risks, the first section includes a risk management portion, which sets out ideas for reducing future cybersecurity risk. For example, the head of each agency must provide a risk report to the Secretary of Homeland Security and the Director of the Office of Management and Budget.
The second section of the executive order concerns Cybersecurity of Critical Infrastructure. This section states that support must be provided to the critical infrastructure that faces the greatest risk. It also describes how the Secretary of Commerce and the Secretary of Homeland Security will both go through an open process to improve the resilience of the internet and reduce the threat of automated attacks.
The third section of the executive order concerns Cybersecurity for the Nation. This section states that its mission is to “support the growth and sustainment of a workforce that is skilled in cybersecurity and related fields as the foundation for achieving our objectives in cyberspace.” It seeks to develop strategies to deter adversaries and to provide more protection to the American people from cyber threats. It also mentions that the United States will need to work with allies to help maintain a globally secure internet, and it states that the United States must be able to maintain a cybersecurity advantage in the long term. This section also aims to educate the American cybersecurity workforce of the future. The education includes training through the general education curriculum.
Although this executive order is a step in the right direction for future cybersecurity after the WannaCry attack, it may not be enough to truly ensure that the People and their Government are protected from another attack. Some think that although this executive order is a positive step, much more still needs to be done to ensure we are more secure. Although this executive order may not be perfect, one of its main positives is that corporate leaders will be much more accountable for their own cybersecurity. This way, it is not just up to the IT departments of large corporations to ensure they are secure; CEOs and agency heads also bear some responsibility for ensuring that cybersecurity is a priority.
At our law firm, we assist clients with legal issues related to privacy, cybersecurity, and e-commerce transactions. Please contact us to set up an initial consultation.