The White House plan to address cybersecurity is taking shape. (White House / Pho.to / GeekWire Graphic)
President Donald Trump today signed a long-awaited executive order aimed at beefing up cybersecurity at federal government agencies with a shift of computer capabilities to the cloud as a key part of the strategy.
Weve got to move to the cloud and try to protect ourselves instead of fracturing our security posture, Homeland Security Adviser Tom Bossert told reporters during a White House briefing.
The executive order gives the lead role in managingthe cloud shift to the director of the White Houses newly established American Technology Council, which is due to meet for the first time next month.
Although the councils full roster of members has not yet been announced, the director is said to be Chris Liddell, who formerly served as chief technology officer at Microsoft and General Motors.
Some agencies already have begun shiftingdata resources to cloud computing services, including Amazon Web Services and Microsoft Azure. Carson Sweet, CTO and co-founder of San Francisco-based CloudPassage, said the emphasis on the cloud makes sense and builds on a trend that began during the Obama administration.
The question now will be how well the administration does with identifying and eliminating the obstructions agencies are facing as they consider adopting cloud / shared services, Sweet told GeekWire in an email.
The executive order also calls upon all federal agencies to implement the NIST Cybersecurity Framework, a set of best practices developed by the National Institute of Standards and Technology for the information technology industry. And it calls on Cabinet secretaries to develop plans to protect critical infrastructure, ranging from utilities to the health care system to the financial system.
Bossert said the measures build on the efforts made by the Obama administration. A lot of progress was made in the last administration, but not nearly enough, he said.
As an example of past failures, Bossert pointed to 2015s data breach at the Office of Personnel Management, which exposed millions of sensitive employment records to hackers. He said such records are the crown jewels of the governments dataassetsand require enhanced protection.
Bossertnoted that Trumps budget blueprint sets aside $1.5 billion for cybersecurity.
Back in January, Trump vowed to come up with a major report on hacking defense within 90 days,but some observers said the executive order didnt meet the target.
Drew Mitnick, policy counsel at Access Now, said in a statement that the measures will serve as incremental changes to existing policies, while the Trump administration has otherwise either ignored or undermined pressing digital security threats internet users face.
The action does not touch several critical areas, like the insecurity of Internet of Things devices, data breaches, or vulnerability disclosure, Mitnick said.
During the briefing, one reporter asked whether shifting the federal governments data to the cloud might heighten rather than reduce cybersecurity risks. Bossert said its better to centralize risk, rather thanhaving 190 federal agencies come up with separate measures.
I dont think thats a wise risk, Bossert said.
Another reporter asked whether concerns over Russias online meddling with last years presidential campaign had any effect on the executive order.
The Russians are not our only adversary, Bossert replied. The Russians, the Chinese, the Iranians, other nation-states are motivated to use cybersecurity and cyber tools to attack our people and our governments and their data. And thats something we can no longer abide.
He declined to say what type of cyber attack might constitute an act of war, other than to say that if somebody does something to the United States of America that we cant tolerate, we will act.
Trump was reportedly on the verge of signing an executive order on cybersecurity back in January, but held off. Bossert said there was nothing unusual behind the delay. He noted that between then and now, the White House had the chance to lay out a budget blueprint and announced the formation of the technology council two developments that set the stage for the executive order.
Bossert also acknowledged that some tech companies expressed concerns that theyd be compelled to take actions to head off distributed denial-of-service attacks, also known as botnet attacks. He emphasized today that the anti-botnet initiative would be voluntary.
The executive order callson Commerce Secretary Wilbur Ross and Homeland Security Secretary John Kelly to file a preliminary report on the anti-botnet campaign within 240 days.
Bossert declined to confirm a claim that federal computers are hit by tens of thousands of hacking attempts daily, but he acknowledged that attempted data break-ins and successful intrusions are on the rise.
The trend line is going in the wrong direction, he told reporters.
Follow this link:
Trump signs cybersecurity executive order, mandating a move to cloud computing - GeekWire