On May 11th, President Trump finally signed an executive order for cybersecurity protocols. This new executive order updates the existing cybersecurity protocols and outlines the framework that will be enforced. The National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity has always been preached by the Department of Homeland Security (DHS), and the DHS is now mandated to follow it as well.
Some highlights from the executive order:
- Vulnerabilities that are not remediated are considered to be the highest threat to the country’s cybersecurity.
- Programs will have to be maintained with the most current software patches available and can only be used if the software provider continues to offer remediation tactics for that version.
- Heads of executive departments and agencies (agency heads) will be held accountable for any and all risk management decisions. The agency heads are required to submit a risk management report to the DHS within 90 days of the order being published. In the report, the agency heads are required to explicitly outline: which risks they will be prioritizing for remediation, the necessary budget required, the remediation tactics they will use, and an explanation as to why they chose to prioritize those specific risks over others. The DHS and the Office of Management and Budget (OMB) will be reviewing each of these reports.
- There will be a greater emphasis on cybersecurity education through specific curricula, training and apprenticeship programs from primary through higher education. This order recognizes the changing cyber environment and the United States’ need to maintain a long-term cybersecurity advantage.
What does this mean for you?
As stated in Section 3(a) of the executive order, the purpose is to:
“ensure that the internet remains valuable for future generations, … to promote an open, interoperable, reliable, and secure internet that fosters efficiency, innovation, communication, and economic prosperity, while respecting privacy and guarding against disruption, fraud, and theft. Further, the United States seeks to support the growth and sustainment of a workforce that is skilled in cybersecurity and related fields as the foundation for achieving our objectives in cyberspace.”
This means that the government of the United States is finally taking the same action that is required of commercial businesses: since commercial businesses are required to follow specific frameworks and compliance standards, the government is now holding its agencies to the same level of accountability.
Moreover, the education section of the executive order shows the country’s investment in cybersecurity and the prioritization of this field in the economy. It also demonstrates the country’s progressive laws and the need to stay current in this industry.