The federal government is in the process of carrying out President Donald Trump’s May cyber security directive, according to the Department of Homeland Security (DHS), which released a “snapshot” on July 7 of progress made so far.
The bulletin, issued by the department’s United States Computer Emergency Readiness Team, is the first of planned monthly updates on the implementation of May 11 Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The order is divided into three sections and puts forth a number of tasks to be carried out by department and agency heads.
The first section of the order pertains to cyber security of federal networks. It holds agency heads accountable for managing the cyber risk to their enterprises and requires them to produce a risk management report to the White House Office of Management and Budget and DHS within 90 days. The bulletin says that agencies are drawing up plans to implement the Cybersecurity Framework, developed by the National Institute of Standards and Technology (NIST) under the Obama administration, which lays out best practices and standards for managing cyber security risks.
Trump’s directive also calls for departments to procure shared information technology services.
“In support of this work, agency heads are gathering information on their IT architectures and plans to help determine the technical feasibility and cost effectiveness of transitioning all agencies to one or more consolidated network architectures and applying shared IT services (including email, cloud, and cybersecurity services),” the bulletin says. The Defense Department and Office of the Director of National Intelligence (ODNI) are also assessing their IT modernization efforts and “effects of transitioning to consolidated network architectures and shared IT services,” it says.
The second section of the order covers the cyber security of critical infrastructure, the vast majority of which is owned and operated by the private sector. DHS says it and agencies with oversight of the different critical infrastructure sectors are reviewing existing and “prospective authorities and capabilities” they could use to help secure infrastructure.
DHS is also working with the Commerce Department on a report that will examine if existing federal policies and practices are sufficient in promoting appropriate market transparency of cybersecurity risk management practices by critical infrastructure entities.
The final section of the order deals with national cyber security and discusses international cooperation, deterring cyber attacks, and growing the cyber workforce. The bulletin says a number of departments and agencies are working with ODNI on a joint report on deterrence.
The State Department is also beginning work on an international engagement strategy on cyber security, which will build on a report already provided by State, DoD, Commerce, DHS, the FBI, and the Departments of Justice and Treasury.
For cyber workforce needs, NIST plans to seek public input on a workforce report and is planning at least one workshop in August to gather input. The bulletin says that ODNI is also working with other agencies on workforce development efforts by foreign cyber peers that will probably impact the cyber security competitiveness of the U.S.
DHS says it is establishing a website for updates and information on the implementation of the executive order. The address is: www.us-cert.gov/eo13800.