The Trump administration’s long awaited cyber-security executive order is finally here, and while it adds a number of new reporting requirements and includes the Office of American Innovation, run by Trump son-in-law Jared Kushner as a major player in the cyber-security build-up, it doesn’t have the ability to actually implement changes.
New steps taken by the EO include a change in the accountability of agencies of the executive branch by making agency heads personally accountable for their organization’s security performance. This eliminates a previous practice of agency heads delegating the responsibility to their IT department, thus leaving the agency head free of commitment.
The EO also includes an effort to modernize the executive branch IT systems, to encourage workforce development, to adhere to national standards and to help develop protections for critical infrastructure.
Critical infrastructure planning and reporting includes an effort to work with the companies that own and operate such things as power generation facilities to help them protect themselves against attackers. In addition, it requires detailed reports of the consequences of a successful attack, including a requirement to analyze widespread power outages that could last for weeks.