- Improving federal cybersecurity, specifically in the nation’s networks and infrastructure settings, is the key focus in a recent executive order President Trump signed earlier this week.
Federal network cybersecurity must be improved in policy, findings, and risk management, according to a White House statement.
“The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises,” the executive order reads. “In addition, because risk management decisions made by agency heads can affect the risk to the executive branch as a whole, and to national security, it is also the policy of the United States to manage cybersecurity risk as an executive branch enterprise.”
Agencies must implement risk management measures to prevent unauthorized access, use, disclosure, disruption, modification, or destruction of IT and data, the order maintains. Cybersecurity risk management processes also need to align with strategic, operational, and budgetary planning processes.
The NIST Cybersecurity Framework, or “any successor document,” will be utilized to help manage agency cybersecurity risk.
Critical infrastructure cybersecurity will also require a strong risk management approach, the order explains.
Agency heads identified by the Secretary of Homeland Security shall “identify authorities and capabilities that agencies could employ to support the cybersecurity efforts of critical infrastructure entities identified…to be at greatest risk of attacks that could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.”
The nation’s overall cybersecurity was also addressed in the executive order. Specifically, the president highlighted the following areas for improved cybersecurity nationwide:
- Deterrence and protection
- International cooperation
- Workforce development
HITRUST commended the executive order, saying that it shows “how government and industry must refocus their attention on what matters in an effort to strengthen the nation’s capability to defend its critical infrastructure.”
HITRUST CEO Daniel Nutkis reiterated the importance of risk management, calling it the “key to cybersecurity success.”
“HITRUST stands ready to help identify and inform what risk management practices should be given priority,” Nutkis said in a statement. “In the face of the growing cyber threats to the healthcare industry, HITRUST believes the measures in the Executive Order are needed to encourage best practices, encourage investments in risk management and cyber resilience, and leverage information sharing.”
HITRUST added that it supports the mandate for government partners to examine their policies and authorities to find the best cybersecurity risk management approach. Additionally, the organization said it is ready to showcase the current cybersecurity efforts underway in the private sector.
Cybersecurity has been a key focus for the current administration. In January 2017, the president appointed Thomas P. Bossert as Assistant to the President for Homeland Security and Counterterrorism. Bossert would also advise the president on cybersecurity challenges, homeland security, and counterterrorism.
“Tom brings enormous depth and breadth of knowledge and experience to protecting the homeland to our senior White House team,” Trump said at the time of the appointment. “He has a handle on the complexity of homeland security, counterterrorism, and cybersecurity challenges. He will be an invaluable asset to our Administration.”
Bossert previously served as the Deputy Homeland Security Advisor to President George W. Bush, and was also Special Assistant to the President for Homeland Security and Senior Director for Preparedness Policy.
“We must work toward cyber doctrine that reflects the wisdom of free markets, private competition and the important but limited role of government in establishing and enforcing the rule of law, honoring the rights of personal property, the benefits of free and fair trade, and the fundamental principles of liberty,” Bossert explained. “The internet is a U.S. invention, it should reflect these U.S. values as it continues to transform the future for all nations and all generations.”