White House Withholds Cyber-Security Order for Further Revision
NEWS ANALYSIS: President Donald Trump withheld an executive order on cyber-security that was ready for his signature leaving the Washington IT security community wondering what changes he intends to make.An administration burned by the failure of its executive order on immigration to pass legal muster has held up consideration of its next big effort, which is an order on cyber-security. That executive order, something each administration has issued since the George W. Bush presidency, was withheld without explanation on the day it was supposed to be signed. A look at the original EO as obtained by the Washington Post and the subsequent revision as obtained by Lawfare show substantial differences. The latest version, which is still a draft, shows two things, one is a wish list from lots of people, and the other which is a more thoughtful approach by someone with actual cyber-security expertise. The speculation as to why the order was suddenly pulled revolves around a president who was reportedly angry that the immigration order wasn’t well crafted and who wanted to make sure this one was done right. The new version of the EO does several important things. First, it makes clear that each agency head and each department secretary has the ultimate accountability for cyber-security. This appears to be done to prevent those heads from passing the buck to their subordinates instead of retaining it in their own hands.
The new EO also speaks clearly about the need to modernize the U.S. government’s antiquated data systems, to keep software and systems updated and to make sure the latest security practices are followed. The order also requires full assessments of government agency's cyber-security status and to report it to the White House. The Office of Management and Budget would receive the reports and consolidate them for the President.