President’s executive order sets the tone for cyber standards


The cyber security executive order issued by President Donald Trump in May, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” calls for reports from various agencies on their cyber security risk management efforts.

“It is the executive branch’s policy to promote an open, interoperable, reliable and secure internet that fosters efficiency, innovation, communication and economic prosperity, while respecting privacy and guarding against disruption, fraud and theft,” says the order.

The order says the president will hold agency heads accountable for managing cyber security risk, and requires federal agencies to engage with critical infrastructure entities on the issue of cyber security.

It also calls for an examination of the sufficiency of existing federal policies and practices “to promote appropriate market transparency of cyber security risk management practices by critical infrastructure entities.”

The executive order calls for an assessment of a “prolonged power outage associated with a significant cyber incident,” and the United States’ readiness “to manage the consequences of such an incident.”

Experts say that in contrast to the Trump administration’s initiatives in other areas, the executive order builds on, rather than departs from, Obama administration policies.

President Barack Obama issued a cyber security executive order in 2013 that, among other provisions, required federal agencies to produce unclassified reports of threats to U.S. companies, with the reports to be shared with targeted entities in a timely manner.

“Cyber security, in general, transcends any kind of political affiliation,” said Eric Cernak, Hartford, Connecticut-based cyber risk and privacy practice leader at Munich Reinsurance America Inc. “Every administration recognizes” its importance.