Trump to make Cabinet heads responsible for data security – Politico
President Donald Trump is putting the onus on Cabinet officials to secure data at their respective agencies.
The directive will come via an executive order Tuesday afternoon.
Story Continued Below
“What we’re doing moving forward is attempting to make the agency heads aware that they have a deep responsibility here,” a senior administration official told reporters, describing the order that Trump will sign later Tuesday.
“As opposed to delegating it down to their [chief information officers] or more junior staffs, we want them to stay on top of it, and we believe that President Trump’s Cabinet will do so,” the official said.
The executive order is Trump’s first move to lock down the country’s networks after an election rattled by cyberattacks.
But the directive will not address the alleged Russian digital assault that roiled the 2016 presidential election and undermined Democrats, including Trump’s rival Hillary Clinton.
Instead, the order is meant to target the government’s own networks, which have been repeatedly breached in recent years by countries believed to include Russia and China.
As part of the order, the Office of Management and Budget will conduct a government-wide study of federal data security and make recommendations for upgrades.
“This will be critical,” the senior administration official said, “and it’s a long overdue step.”
Additionally, the executive fiat will direct agencies to implement a cybersecurity framework created by NIST, which establishes expert guidelines.
The framework proselytizes a risk-based security approach, encouraging organizations to direct resources to the systems most at risk of being infiltrated.
The order will also direct the DHS secretary to work more closely with the private-sector owners of the nation’s critical infrastructure, such as power plants and hospitals.
Notably, the directive will include “a section discussing the attempts and the Cabinet’s recommendations on [maintaining] a free and open internet from foreign attack and anyone that would seek to undermine the internet’s viability or corrupt its awesomeness,” according to the official, who did not provide specifics.
The executive order will not ask Congress to allocate new funding for upgraded computer systems. But the official said it was “fair to say that Congress will be a key partner on” implementing the executive order, “especially modernization of IT.”
In preparing Trump’s new directive, the White House studied recent cyber recommendations from President Barack Obama’s cybersecurity commission, the Center for Strategic and International Studies and other groups.
“We have taken some of those recommendations,” the official said.
Notably, the administration is not reversing former DHS Secretary Jeh Johnson’s controversial decision to dub the election system “critical infrastructure.” Johnson’s 11th-hour directive, issued at the end of 2016, riled some state election officials who saw it as federal overreach.
But the move is “not contemplated” in the executive order, the official said. Newly confirmed DHS Secretary John Kelly “inherited that responsibility, and that will remain.”
“I don’t want this to sound like a pre-baked campaign promise,” the official told reporters. “This was President Trump, and then-President-elect Trump, pointing out the obvious, and that is that cyberattacks … have clearly increased in terms of their appearance” in public life.