WASHINGTON, July 6, 2017 — The threat of mass cyberattack has been forcing the Trump Administration to take precautionary steps and boost the profile of cybersecurity. And yet the Trump Administration hasn’t yet assembled a cohesive cybersecurity strategy after five months in office.
Trump signed an executive order on May 11, and which the White House described as a step towards increasing the security of the government’s digital infrastructure. The order directed a number of reviews by different executive departments, and the White House said would be completed within 90 days, or by August 9.
That report is being prepared by the secretaries of Defense and Homeland Security, in coordination with the Office of the Director of National Intelligence and the FBI director. It is expected to lay out the cybersecurity risks facing the US’ defense industry and make recommendations to mitigate such risks.
But the report commissioned by the May Executive Order is not the only pending cybersecurity report for the administration.
Soon after his inauguration, in January, Trump signed a memorandum directing a review of the nation’s cybersecurity posture, complete with proposed improvements and solutions, that was to be completed within 90 days. That deadline came and went.
When asked what the status of the 90 day review on the 161st day of the Trump Administration, a White House spokesperson told BroadbandBreakfast.com that the review was “still ongoing.”
The cloud of suspicion raised by a number of cyberattacks against the Democratic National Committee and figures associated with the campaign of Hillary Clinton appears to have raised the political stakes surrounding the normally non-partisan issue of cybersecurity in policy discussions. Now legislators are attempting to bridge any perceived divide between the parties on the subject.
On Thursday, June 29, a bipartisan group of senators and represented “Promoting Good Cyber Hygiene Act,” that would direct the National Institute of Standards and Technology within the Commerce Department to develop a set of baseline best practices that would be made available online, and would instruct federal agencies to consider using technologies like two-factor authentication to prevent attacks.
“Our nation’s computer networks—public and private—are under constant attack from cyber criminals,” said Rep. Anna Eshoo, D-California.
Eshoo, who estimated that cyberattacks cost the US economy over a trillion dollars a year, added that a “scary truth” is that 90 percent of successful cyberattacks are due to IT administrators overlooking cyber hygiene and security management.
“By instituting commonsense best practices, system administrators can better protect their networks and consumer data from a majority of known cyber threats,” she said.
Co-sponsor Sen. Orrin Hatch, R-Utah noted the bill would establish best practices for cyber hygiene and make them available on a publicly accessible website.
“I am honored to join Congresswoman Eshoo in introducing a bill that will help Americans better protect themselves from enemies online.”
It was not immediately clear how the reports ordered by Trump differ from the December report released by President Obama’s White House's Commission on Enhancing National Cybersecurity, which released the results of a nine-month study of America's cybersecurity problems.
The report proposed shoring up the out-of-the-box security for internet of things devices, including routers and webcams, re-organizing the cybersecurity chain-of-command of federal agencies, and developing a new generation of skilled American cybersecurity experts.
When asked what the Trump Administration was doing to protect the nation’s digital infrastructure, White House Principal Deputy Press Secretary Sarah Huckabee Sanders cast doubt on the idea that the Trump Administration isn’t doing enough to protect the nation from an apparently increasing number of cyberattacks.
“We’re doing things every single day to reduce the number cyberattacks, there’s an entire team that’s focused on doing nothing but that,” Sanders said.
But when pressed on what exactly the administration was doing, Sanders declined to give any details.
“We’re not going to broadcast every action that we’re taking so we can give cyberbullies a peak into what we’re doing.”