US President Donald Trump signs an executive order as Vice President Mike Pence and Chief of Staff Reince Priebus look on at the White House in Washington, DC on January 20, 2017. (Photo credit: JIM WATSON/AFP/Getty Images)
Perhaps it’s a relief there’s little that appears controversial in Trump’s latest executive order (EO) on improving America’s cybersecurity. Indeed, much of what the new president will demand in the full EO, expected to be signed off today, was set in motion by the Obama administration, according to White House briefings this morning.
As revealed by a White House official, the EO, amongst other orders, directs the head of the Office of Management and Budget to assess and manage the risk of the entire federal executive branch, and asks agency heads to plan for modernization of IT systems. The secretary of Homeland Security, John Kelly, and other agency heads will be asked to coordinate with the “operators of the most essential of critical infrastructure entities” to plug digital weaknesses, the official said.
In a briefing Q&A, they admitted to taking on old ideas, but promised to deliver on them: “A number of these recommendations have been made by [the Center for Strategic and International Studies] in 2009 and again by President Obama’s commission led by Tom Donilon and Sam Palmisano again in 2016,” the official said. “So the changes are in management philosophy, in enterprise risk management, and modernizing federal IT. Not that that’s something previous presidents haven’t tried, but President Trump has a plan for accomplishing it.”
It’s unclear whether plans in a draft that leaked to the Washington Post over the weekend would be enacted too. It asked intelligence and defense agencies to produce reviews of U.S. offensive cyber capabilities and recommendations. The same should be provided for foreign adversaries, as well as a review of the most critical digital weaknesses across connected infrastructure. Trump, the document indicated, wanted all that done in 60 days.
Following the hack of the Office of Personnel Management, when 21 million citizens’ data was stolen, Obama ordered a similar review of government security, though he asked for a shorter timeframe of 30 days.
“None of it is sensible”
Rob Graham, of offensive cyber firm Errata Security, predicted an almost like-for-like strategy between the old and new governments. “They’ll just grab Obama’s plans, edit them a bit, and publish them as the new strategy,” Graham said. “None of it is sensible. It’s Washington beltway talking to itself without consulting outside technical people.”
But it’d be no bad thing if the Trump administration did copy the Obama regime, said Peter Singer, strategist and senior fellow at New America. “The joking way of putting it is: this is one place I would urge them to do something they ironically have a great track record of, which is plagiarism,” he told FORBES. Singer said the most interesting aspect of the order was what Trump didn’t address, in particular an investigation of the “biggest hack in history”: the alleged breach of electoral and democratic institutions by Russia’s intelligence agencies. There was also no mention on encryption and how the government may seek to break it in order to uncover data on American enemies.
Trump hasn’t left much of a good impression across the security industry with his executive orders so far, including the much-disputed immigration EO, said Rob M. Lee, a former U.S. intelligence analyst and founder of critical infrastructure protection company Dragos Security. “I’ve heard a lot of discussions on this from folks in the industry and right now there’s just no confidence in it,” he added. “The Trump administration is fairly unpredictable and the unrelated but seemingly sporadic executive orders take away from the confidence folks might have. In addition with comments by the administration such as the acting attorney general ‘betraying’ the White House, it’s not likely to foster government officials’ desires to present real facts that may not please the administration.”
Got a tip? Email at TFox-Brewster@forbes.com or firstname.lastname@example.org for PGP mail. Get me on Signal on +447837496820 or email@example.com on Jabber for encrypted chat.