Big changes in Trump’s cybersecurity executive order

An executive order awaiting President Trump’s signature is aimed at improving nation’s hacker defenses — including a plan to have the U.S. military review what kids are learning about cybersecurity in school.

The president was expected to sign the mandate Tuesday. But instead Trump met with NSA director Admiral Mike Rogers, senior adviser Jared Kushner, chief strategist Steve Bannon and other national security officials to discuss it.

The executive order on cybersecurity seeks to consolidate responsibility for protecting the government from hackers. Right now, every agency is in charge of defending itself. This has caused years of consternation for the White House and agencies like Homeland Security, as each agency has different IT practices and exerts jurisdiction over its own networks.

But Trump intends to give ultimate responsibility for protecting the federal government’s computers to the White House’s budget and management office, according to a senior administration official.

That may not sit well with DHS, which under the last administration sought to position itself as the protector of federal networks.

However, Trump also promised that if any federal agency gets hacked, the blame would fall squarely on that agency’s top official.

“I will hold my cabinet secretaries and agency heads accountable, totally accountable for the cybersecurity of their organization,” Trump told news reporters Tuesday.

CNNMoney obtained an early draft copy of the executive order, which lists several changes that match Trump’s campaign promises to overhaul the nation’s cybersecurity.

The draft executive order calls for a complete review of the most critical hacking vulnerabilities in the nation’s military, intelligence and civilian government computer systems. It’s a vast undertaking that would include examining the computer networks of internet service providers, data centers and many private sector companies used by the government.

The Trump administration expects “initial recommendations” within 60 days of the eventual signing of the order, a demand that cybersecurity experts have noted is a daunting task given the sprawling size of the government’s computer systems.

The draft executive order also seeks some coordination between the U.S. military, law enforcement and schools.

The Trump administration wants the Department of Education to start sharing information with the Department of Defense and the Department of Homeland Security that shows what children are learning about computer science, mathematics and cybersecurity education.

The goal is “to understand the full scope of U.S. efforts to educate and train the workforce of the future,” according to the draft report. That would be a first step toward training the 100,000 cybersecurity specialists and hackers that the nation needs by 2020, a suggestion that was made by former President Obama’s special cybersecurity commission just before Trump took office.

Under this draft order, Defense Secretary James Mattis would be charged with making “recommendations as he sees fit in order to best position the U.S. educational system” to keep an edge on cybersecurity.

The draft order also says that the Trump administration’s commerce secretary will come up with ways of prodding the private sector into “accelerating investments in cybersecurity tools, services, and software.”

Cybersecurity experts who reviewed the draft order gave it mixed reviews.

“I think it’s good. The security community has been asking for this for a long time: Basically find out where the gaps are, train people better and fix commercial vulnerabilities,” said Jared DeMott, chief technology officer at Binary Defense Systems. He previously worked at the National Security Agency, where he spotted hacking vulnerabilities in computer equipment.

But Scott Vernick, a data security lawyer in Philadelphia, noted that the draft order makes no mention of the role that FBI, CIA and other major law enforcement agencies have in protecting the nation from hackers.

CNN’s Jeff Zeleny and Tal Kopan contributed to this report

Exit mobile version