June 9, 2017 By Eli Ben Meir 3 min read

Just days after President Trump signed his executive order on cybersecurity, the massive WannaCry attack dominated the news cycle. The assault infiltrated 150 countries, penetrating national networks and infrastructure.

A breach of such international scale has rightly raised questions about government preparedness for digital warfare. In answering these concerns, Trump’s executive order should not be forgotten. In fact, the White House has taken an important first step toward helping to safeguard America’s cybersecurity stature.

Making Cybersecurity a Real-World Issue

The very fact that President Trump has placed cybersecurity on his administration’s agenda is a powerful statement. For too long, it has been considered the preserve of geeks engaged in a virtual battle. The executive order sent a strong message that what happens in cyberspace has a direct impact on the real world. We can no longer afford to bury our heads in the sand. The fight must be taken up by decision-makers and administrators, as well as technical experts.

But that is not the only sense in which Trump’s directive has created order. The text itself set out a tangible timeline for action. Each government agency is required to carry out a cyber risk assessment, which must be submitted within 90 days. These reports will be subject to scrutiny and, in some cases, oversight will continue all the way up to the president himself. In other words, there is a schedule and a plan of action, which means that the directive is less likely to gather dust on the shelf. Given that WannaCry demonstrated unequivocally how urgently action is required, this represents significant progress.

A Benchmark for a Cybersecurity Strategy

Importantly, the executive order is also explicit on one specific standard to be applied as each agency undergoes its own cyber audit: Agencies have been instructed to use a framework developed by the National Institute of Standards and Technology (NIST), widely regarded as a rigorous benchmark. Holding each federal agency to such a standard creates a yardstick by which to measure vulnerabilities and gauge preparedness. This is a critical first step in creating a forward-thinking action plan. It establishes a basis on which to strategically allocate resources, develop techniques and to deploy specific tools.

Having said all this, the executive order fails to address a number of key areas. For a start, it focuses on federal agencies. But what about individual states? Truly understanding cyberthreats means understanding that networks are linked. There is no neat distinction between federal and state as there is in government. After all, a breach in one state will quickly migrate to the next.

No Safety in Isolation

By the same token, the digital ecosystem not only includes the public sector, but it also crosses the boundary into the private sector, encompassing infrastructure and business. A significant attack on a transit system or power network is likely to cause mass panic and engender a sense of widespread chaos. The implications for public safety and order are clear.

Similarly, should financial institutions be breached, the ripples will be felt across the markets and the economy in general. Consequently, any directive aimed at enhancing national cybersecurity must also include specific guidelines and legislation governing elements of the private sector.

While the NIST benchmark is important, it focuses largely on the technological layers required to fight cybercriminals. Unfortunately, applying technology is no quick fix. Our enemies are becoming more sophisticated all the time, constantly developing new methods of attack. The latest protective tool, by itself, is only a bandage until the next time. Instead, a strong cybersecurity posture requires a holistic approach, which also incorporates best practices and modes of behavior.

Because cyber warfare is so dynamic, cross-agency intelligence sharing is required. It is critical that all relevant bodies are up to date with the very latest threat assessment and on the same page when it comes to combating tomorrow’s dangers. This cooperative approach must be at the heart of any future steps that follow the executive order.

Executive Order on Cybersecurity Starts the Conversation

Perhaps the most significant gap in President Trump’s executive order on cybersecurity is that it does not substantively address future steps. Trump’s directive cannot be treated as a one-time event. The reports mandated cannot be submitted in isolation — they must be the start of an ongoing assessment process. Furthermore, the agencies involved need to take part in ongoing training, simulated war games and other activities to sharpen preparedness.

Nonetheless, this should not take anything away from what is unquestionably a positive development in the fight against fraudsters. But failure to use it as a springboard to a more comprehensive strategy will ultimately place the U.S. at the mercy of those who wish to cause harm. After all, WannaCry was not a one-time event, either.

More from Government

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

Updated SBOM guidance: A new era for software transparency?

3 min read - The cost of cyberattacks on software supply chains is a growing problem, with the average data breach costing $4.45 million in 2023. Since President Biden’s 2021 executive order, software bills of materials (SBOMs) have become a cornerstone in protecting supply chains.In December 2023, the National Security Agency (NSA) published new guidance to help organizations incorporate SBOMs and combat the threat of supply chain attacks.Let’s look at how things have developed since Biden’s 2021 order and what these updates mean for…

Roundup: Federal action that shaped cybersecurity in 2023

3 min read - As 2023 draws to a close, it’s time to look back on our top five federal cyber stories of the year: a compilation of pivotal moments and key developments that have significantly shaped the landscape of cybersecurity at the federal level.These stories highlight the challenges federal agencies faced in securing digital infrastructure in the past year and explore the evolving nature of cyber threats, as well as the innovative responses required to address them.New White House cybersecurity strategyThe White House’s…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today