Cipher Brief Expert View: Trump's Cyber Executive Order

By James Lewis

James Lewis is a Senior Vice President and Program Director at the Center for Strategic and International Studies (CSIS).  Before joining CSIS, he worked at the Departments of State and Commerce.  He was the advisor for the 2010, 2013 and 2015 United Nations Group of Governmental Experts on Information Security and has led a long-running Track II dialogue on cybersecurity with the China Institute of Contemporary International Relations.

The long-awaited executive order on cybersecurity is out. It’s not dramatic or surprising (perhaps because drafts have been floating around Washington for weeks), but it has good ideas. It’s level-headed and pragmatic. The main thing to consider with the order is that it is mainly a presidential task order, calling for reports on where we are, and what steps we should take in cybersecurity due in 45, 90, 120, 180, 240, or, in one case, 365 days. In short, check back regularly over the next year to see where this Administration comes out on cybersecurity. As an omen or predicator of this outcome, the order is encouraging. 

A quick summary: the order makes agency heads accountable for cyber risk management, using the National Institute of Standards and Technology framework. It calls for reports on a broad range of topics. This includes modernizing federal IT and moving to shared services, finding ways to support critical infrastructure – where a cyber-attack could have a “catastrophic effect” – with special attention to the power grid and its vulnerability to cyber attack, and to develop plans to make cyber practices of publicly traded critical infrastructure companies more transparent. The Secretaries of Commerce and Homeland Security are to come up with a process and a plan to deal with botnets. The Department of Defense will assess the vulnerabilities of military systems and the defense industrial base. There are more taskings for reports on deterrence, international cooperation and workforce development. These are all good things and some are long overdue.

“The Cipher Brief has become the most popular outlet for former intelligence officers; no media outlet is even a close second to The Cipher Brief in terms of the number of articles published by formers.” —Sept. 2018, Studies in Intelligence, Vol. 62

Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.

Subscriber+


Related Articles

How Safe Would We Be Without Section 702?

SUBSCRIBER+EXCLUSIVE INTERVIEW — A provision of the Foreign Intelligence Surveillance Act that has generated controversy around fears of the potential for abuse has proven to be crucial […] More

Search

Close