On August 30, the Trump administration unveiled an ambitious plan to upgrade the federal government’s cyberdefenses by shifting digital functions to the cloud and prioritizing security upgrades for the government’s most important systems. In this plan, which in many ways continues the cyberefforts of the Obama administration, the White House’s American Technology Council (ATC) justified this large-scale approach due to what it characterized as the federal government’s longstanding less-than-adequate cyberefforts in the face of years of mounting digital threats.
The plan, grounded in the President’s May 2017 Executive Order (EO) 13,800, tasked the Director of the ATC to coordinate the preparation of a report to the President from the Secretary of the Department of Homeland Security (DHS), the Director of the Office of Management and Budget (OMB), and the Administrator of the General Services Administration (GSA), in consultation with the Secretary of Commerce (Commerce), regarding the modernization of Federal Information Technology (IT). In accordance with EO 13,800, a draft IT Modernization report was submitted to the President last week.
In the wake of the WannaCry global attack that impacted the U.K.’s National Health Service, the need to protect valuable health care data has never been more urgent. The U.S. government has begun to take steps in the right direction with the passing of executive orders on cybersecurity, the Cybersecurity Act of 2015, and the Government Accountability Office report on the Internet of Things.
The Trump administration has issued two executive orders focusing on national cybersecurity. The first establishes the American Technology Council, tasking it with developing policy around the use of information technology by the federal government and providing insight into how information technology policy is delivered to the president.
The orders include aggressive deadlines for federal agencies to submit reports on the cybersecurity of critical infrastructure entities, which may be difficult to meet.
For more insight, read our detailed review of the executive orders.
The National Institute of Standards and Technology (NIST) issued an update to its Framework for Improving Critical Infrastructure Cybersecurity on January 10, 2017. The updated draft Version 1.1 was issued after NIST’s review of considerable public and private-sector feedback on Version 1.0.
The updated five Framework Core Functions remain the same as the previous iteration: Identify, Protect, Detect, Respond and Recover. Version 1.1 now includes enhanced categories, subcategories and guidance, including cyber supply chain risk management, safer information sharing, cybersecurity measurement and stronger measures for device authentication.
The updated draft includes improvements but is intended to remain a voluntary cyber risk management tool that organizations can customize.
Read our overview of the updates and insights on some of the highlights.