This is the first post in a DBR on Data series on Executive Order 13800 and updates on its implementation a year after passage.
The White House Office of Management and Budget (OMB) released in May 2018 its report to the president on federal cybersecurity risk determination. The report, which responds to the President’s May 2017 Executive Order 13800, entitled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” comes as several key reports also required by Executive Order 13800 have been recently released in full or in summary form. The Federal Cybersecurity Risk Determination Report and Action Plan concludes that the recent government-wide cybersecurity risk assessment conducted by the OMB, in collaboration with the Department of Homeland Security (DHS), confirms the need for the U.S. government to take “bold approaches” to improve federal cybersecurity.
With the House and Senate returning to Washington in September, two recently-introduced Senate bills seek to address perceived vulnerabilities in the security of Internet of Things (IoT) devices sold to the federal government and medical devices which regularly connect to the Internet.
Among the key takeaways in the legislation:
- Legislation covers both products sold to the federal government and medical devices;
- Legislation addresses “life of device” obligations of IoT device manufacturers;
- Disclosure and Certification Requirements could create additional liability for manufacturers of Internet of Things devices.
On August 30, the Trump administration unveiled an ambitious plan to upgrade the federal government’s cyberdefenses by shifting digital functions to the cloud and prioritizing security upgrades for the government’s most important systems. In this plan, which in many ways continues the cyberefforts of the Obama administration, the White House’s American Technology Council (ATC) justified this large-scale approach due to what it characterized as the federal government’s longstanding less-than-adequate cyberefforts in the face of years of mounting digital threats.
The plan, grounded in the President’s May 2017 Executive Order (EO) 13,800, tasked the Director of the ATC to coordinate the preparation of a report to the President from the Secretary of the Department of Homeland Security (DHS), the Director of the Office of Management and Budget (OMB), and the Administrator of the General Services Administration (GSA), in consultation with the Secretary of Commerce (Commerce), regarding the modernization of Federal Information Technology (IT). In accordance with EO 13,800, a draft IT Modernization report was submitted to the President last week.
The Trump administration has issued two executive orders focusing on national cybersecurity. The first establishes the American Technology Council, tasking it with developing policy around the use of information technology by the federal government and providing insight into how information technology policy is delivered to the president.
The orders include aggressive deadlines for federal agencies to submit reports on the cybersecurity of critical infrastructure entities, which may be difficult to meet.
For more insight, read our detailed review of the executive orders.