US President Donald Trump unexpectedly cancelled the signing of a new executive order on cybersecurity Tuesday, following a day of briefings by the White House on its contents.
While discussion and commentary in the capitol has continued to revolve around the fallout from Trump’s ill-conceived executive order on immigration – not least his firing on Monday night of the assistant attorney general after she questioned its legality – the White House has spent much of the day talking about cybersecurity.
Officials briefed journalists in the morning on the order’s contents and told them that the goal behind the order was to “hold the heads of federal agencies accountable for managing their cyber risk.” A cybersecurity framework developed by NIST, the National Institute of Standards and Technology, was held up as the standard.
The order also asks the executive branch’s budget operation – the Office of Management and Budget – to assess the risks that the federal government faces when it comes to cybersecurity, with an eye to modernizing the system to be more secure.
In the afternoon, Trump held a meeting with a group on cybersecurity – including Rudy Giuliani, who he has chosen to head up cybersecurity efforts despite a lack of experience – in which he reiterated that he would “hold my cabinet secretaries and agency heads accountable, totally accountable, for the cyber security of their organizations.”
From Russia with love
Trump and Giuliani went heavy on the need to secure networks against attacks, and said that corporations – which own the majority of internet networks in the United States – would need to work with the government to that end. However, they stopped short of suggesting there would be an effort to impose some form of authority over them.
Trump talked about “working with” the private sector on cybersecurity and said that he would “make sure that owners and operators of critical infrastructure have the support they need from the federal government to defend against cyber threats.” Giuliani was more aggressive, arguing that “the private sector is wide open to hacking, and sometimes by hacking the private sector, you get into government. So we can’t do this separately.” He said part of the goal of the executive order was to “get the private sector to wake up.”
Trump said: “We must protect federal networks and data. We operate these networks on behalf of the American people and they are very important,” and he gave the electrical grid and power plants as key examples.
Trump was unable to stop himself from talking about the hack of the Democratic National Congress’ email servers, however – leaks from which embarrassed the political party and contributed to his victory.
“Despite how they spent hundreds and hundreds of millions of dollars more money than we did, the Democratic National Committee was hacked successfully, very successfully, and terribly successfully,” he noted.
He then repeated the questionable statement that the same hackers who infiltrated the DNC’s servers had tried unsuccessfully to do the same to the Republican party. “The Republican National Committee was not hacked. Meaning it was hacked, but they failed. It was reported, I believe, by Reince and other people that it was hacked, but we had a very strong defense system against hacking.”
Despite having raised the issue, Trump refused to mention or talk about the assessment of the US intelligence agencies that it was the Russian government that had instigated the hacking and had actively attempted to sway the election in his favor. Cybersecurity experts also believe that the RNC servers were in fact hacked by the Russian government – but their contents were not shared publicly for fear of damaging Trump’s chances.
After the briefing and meeting on cybersecurity, Trump was scheduled to sign the executive order in the Oval Office. That signing was abruptly cancelled however, with no explanation given. The final text of the order has yet to be confirmed, although a draft was leaked to The Washington Post. ®
Source: SANS ISC SecNewsFeed @ January 31, 2017 at 03:42PM