14 DAY TRIAL // After missing the self-imposed deadline to deliver a proper cybersecurity strategy, Donald Trump has finally signed the executive order. In a move that was somewhat expected by the tech community, the order indicates the Executive Branch will take overall command of securing the critical IT systems of the United States.
"The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risks to their enterprises," reads the order. "In addition, because risk management decisions made by agency heads can affect the risk to the executive branch as a whole, and to national security, it is also the policy of the United States to manage cybersecurity risk as an executive branch enterprise."
Trump has promised throughout his campaign that he would deliver a plan to tackle cybersecurity within the first 90 days in office. Signing the order was unexpectedly delayed in late January and then the deadline passed without a mention of the order. Now, 111 days after stepping into the White House, Trump has signed an order that puts all control over American cybersecurity in the arms of the Executive, which means including in his own arms.
Following the order, all federal agencies will have to enforce the National Institute of Standards and Technology guidance document and will report their progress in the next 90 days, although this time extensions may not be permitted.
After all reports are filed, the Secretary of Homeland Security and the Director of the Office of Management and Budget will have to assess them all and present the information to the President within another 60 days. It is also within their job to come up with a plan to protect the executive branch from any and all security holes.
To make it all seem more and more like school, no one is spared from writing reports. The Director of the American Technology Council will ask each agency to come up with a plan for combining IT infrastructure for all departments within 90 days. The Secretary of Defence and the Director of National Intelligence also have to come up with a plan to protect national security IT systems within another 150 days.
Then, the Secretary of Homeland Security, alongside the Secretary of Defense, the Attorney General, the Director of National Intelligence and the Director of the FBI (when one is appointed) have to figure out how to strengthen the US critical infrastructure, despite the fact that 80% of these systems are not owned by the government.
Reports are the answer...
That's not all, though. Additional reports need to be filed on a number of topics, including the threats posed by botnets, threats posed by hackers on the electrical system, and a way to secure the Internet against disruption, fraud, theft, while respecting privacy. The latter, of course, will likely leave those in charge baffled since there's likely no solution to that problem.
Basically, what Trump has done with this executive order is... nothing. The only thing he's managed to do is delegate a lot of work and demand reports upon reports that will probably never get read. Every task the President has delegated has a deadline that ranges between 60 days and 150 days, although some of these tasks have to be done in order, so the final solution may not come for a rather long time.