President Donald Trump signed an executive order Thursday that launches sweeping reviews of the U.S. government’s digital vulnerabilities.
The order directs agencies to adopt the Framework for Improving Critical Infrastructure Cybersecurity, a policy developed by the National Institute of Standards and Technology that is meant to bolster government defenses against malicious attacks. The order, which came 111 days into President Trump’s tenure, also aims to enhance protection of critical infrastructure such as the energy grid and financial sector “from sophisticated attacks that officials have warned could pose a national security threat or cripple parts of the economy” according to Reuters.
Of particular interest to the technology community are the parts of the order that deal with cloud services, with the word cloud appearing twice in the order. The specific references say that government departments and agencies should work toward using shared information technology services and networks, with cloud services being specifically mentioned as one way shared services could be delivered.
The response to the executive order was mixed, with some suggesting that it simply restated the policies of prior administrations, while others suggested, with some provisos, that it was a positive step forward.
“Today’s order on its surface seems like a good first step, but in practice it may take a very long time for it to bear any edible fruit,” Richard Henderson, Global Security Strategist at Absolute Software Corp. told SiliconANGLE. “A shared services model might be the way forward, but that is not without peril. … It can be difficult for a centralized agency to predict the unique needs of the agencies under its purview, and that can lead to bloated budgets, systems left operating that are vulnerable to breach or denial of service, or agencies pushing back on the agency managing the shared services model.”
On critical infrastructure, Henderson was more upbeat, noting, “I think having DHS report into the Oval Office as to the current state of cybersecurity for critical infrastructure systems is a good first step. … You really can’t build an effective plan going forward until you establish a proper baseline. It becomes simpler to move forward once you have a good idea where you stand.”
Critical infrastructure is the “backbone of our entire way of life today,” Henderson added. “Virtually every transaction, every piece of communication, and the world as we know it now … is all dependent on telecommunications networks and the electric grid. Society would be thrown into absolute bedlam if we weren’t able to turn on the lights, keep our food chilled or conduct commerce.”