With or without an actual Executive Order (EO), it’s clear the Trump Administration intends to focus on improving the cybersecurity posture of federal networks.
The draft EOs that have circulated address federal networks before anything else, and the President’s Assistant for Homeland Security and Counterterrorism, Tom Bossert, similarly emphasized government networks in a keynote address at CSIS’s Cyber Disrupt 2017. The entire federal network needs to be defended as one entity, Bossert said, to ensure that some of its “crown jewels,” such as the data stolen in the OPM hack, are protected by more than just a single agency. That doesn’t mean individual agencies are off the hook. Far from it, as every agency head will be held accountable for the cybersecurity of his or her agency.
Both the draft orders and Bossert acknowledge that old federal IT systems do not make for well-secured systems. The order would enable the retirement, replacement and modernization of legacy IT that doesn’t take well to new security technology and is also expensive to maintain. And make no mistake about it: this new technology is going to come from the private sector, Bossert said. In fact, the Administration would even encourage agencies to outsource their cybersecurity to the private sector through a managed service model.
All this is good news for cybersecurity technology companies and service providers in the federal market – as many of our clients are. Opportunities abound to support IT modernization and the use of the NIST Cybersecurity Framework, private sector technologies, and managed security services. Some of our clients have expounded on these subjects already – in testimony, at cybersecurity-focused events here in D.C., in bylines, and of course on social media. And when the actual cybersecurity EO does come out, there will be more opportunities to comment.
At CSIS Cyber Disrupt 2017, Bossert hinted we might not see the EO for a while; however, there will be plenty of other initiatives – negotiations over budget requests, comments on the NIST Cybersecurity Framework, congressional hearings, appointments of key cyber personnel – that will drive news. In the meantime, savvy commentators can weigh in on these stories and add their expertise. In fact, there just might be more opportunities to comment on the cybersecurity EO if it does not materialize.
RH Strategic is a Seattle and D.C.-based communications firm providing strategic public relations for innovators in the technology, public sector and healthcare markets.