(CNSNews.com) - President Donald Trump issued an executive order on Thursday aimed at strengthening cybersecurity.
“I think the trend is going in the wrong direction in cyberspace, and it’s time to stop that trend and reverse it on behalf of the American people. We’ve seen increasing attacks from allies, adversaries, primarily nation states but also non-nation state actors, and sitting by and doing nothing is no longer an option,” Homeland Security Advisor Tom Bossert said in announcing the executive order.
The Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure has three sections: cyber security of federal networks, cyber security of critical infrastructure, and cybersecurity for the nation.
“The first priority for the president and for our federal government is protecting our federal networks,” Bossert said. “I think it’s important to start by explaining that we operate those federal networks on behalf of the American people, and they often contain the American people’s information and data, so not defending them is no longer an option.
“We’ve seen past hacks and past efforts that have succeeded, and we need to do everything we can to prevent that from happening in the future,” he said.
Secondly, Bossert said the president directed federal departments and agencies to implement the NIST framework - a risk-reduction network.
“It is something that we have asked the private sector to implement, and not forced upon ourselves. From this point forward, departments and agencies shall practice what we preach and implement that same NIST framework for risk management and risk reduction,” he said.
“Third point I would make is that the executive order directs all its department and agency heads to continue its key roles, but it also centralizes risk so that we view our federal IT as one enterprise network. If we don’t do so, we will not be able to adequately understand what risk exists and how to mitigate it,” Bossert said.
The president’s American Technology Council will be responsible for modernizing the government’s cybersecurity.
“I would probably note to you that other countries have taken two or three years to learn what we just came up with in two or three months, and that is that we can’t promote innovation without first thinking through risk reduction. So doing that together is a message that we’ve learned, but doing it together is a message we’d like to encourage private sector folks to adopt,” Bossert said.
“So point two in the executive order is our critical infrastructure cybersecurity effort. The president has directed the president’s cabinet to begin the hard work of protecting our nation’s most critical infrastructures -- utilities, financial and healthcare systems, telecommunications networks. He’s directed them to identify additional measures to defend and secure our critical infrastructure, and he’s continued to promote the message that doing nothing is no longer an option,” Bossert added.
“So the executive order not only requires his departments and agencies to help those critical infrastructure owners and operators and the most important ones, but to do it in a proactive sense. The message is a tilt towards action,” he said.
When asked if the Russian hack is an impetus for the executive order, Bossert said, “The Russians are not our only adversary on the Internet, and the Russians are not the only people that operate in a negative way on the Internet.
“The Russians, the Chinese, the Iranians, other nation states are motivated to use cyber capacity and cyber tools to attack our people and our governments and their data, and that’s something that we can no longer abide,” he said.
“We need to establish the rules of the road for proper behavior on the Internet, but we also then need to deter those who don’t want to abide by those rules,” Bossert added. “So the answer to your first question is, no, it wasn’t a Russian-motivated issue, it was a United States of America-motivated issue.”