Today marks 60 days after President Trump issued an executive order that called for government agencies to have conducted security reviews with accompanying recommendations as to what steps will be taken to secure the country’s critical infrastructure, networks and data. It seems clear that the President has good intentions with this aggressive stance. As a security professional, I welcome a stronger cyber security posture across both the public and private sector. However, based on experiences with similar implementations, it’s reasonable to speculate this effort will only be enough to kick start the ultimate, primary task we face. And, believe me, time is of the essence.
The May 11 mandate seems to be an initial gesture to demonstrate that the President and his administration are “thinking about cyber security.” With the recent wave of massive global attacks via the WannaCry and Petya ransomware that crippled major enterprises and critical infrastructure, they had better be. It would be ideal if this push to review cyber-security practices could serve as the foundation of meaningful changes in civilian and military agencies, and hopefully it will be. But, consistency is key and this means that unlike previous administrations, our commander-in-chief will need to follow up with an actual policy with teeth and driven by the findings of this review.
And, after the facts have been gathered and the results discussed, what would a cyber security plan look like? There is no question that the task will be daunting. There’s much to consider from a cyber perspective. After all, we’re in the midst of a fiscally challenging environment with diverse departments and agencies with very different missions and funding levels. A single comprehensive strategy will be a tall order to produce and, if such a strategy materializes, the intricacies will most certainly be extremely complex.
With the volume, sophistication and aggressiveness of cyber threats rising, the time for talk and pontification must cease. Our leaders should not deliver legislation that is all bark and no bite. Given there has been more emphasis on cyber security in the first 100 days of his presidency than any previous administration, the topic can no longer be relegated to the background.
This new battlefield must be defined as one of the biggest national security issues we have with appropriate resources and funding made available. While the U.S. has consistently been a leader in this realm, we must use that position to accelerate further and stay ahead of those that would do us harm.
Let’s trust this executive order will continue to reverberate and support a mentality of cyber awareness for years to come.