May 11, 2017, President Trump issued an Executive Order on “Strengthening the
Cybersecurity of Federal Networks and Critical Infrastructure” (“EO”). The EO makes Executive Branch agency heads
responsible for ensuring the cybersecurity of their systems and
information. It also directs these agencies
to report, plan and budget for improvements to the cybersecurity of their Federal
systems in order to adequately protect “the executive branch enterprise.” The EO calls for agencies to apply the National
Institute of Standards and Technology (“NIST”) Framework for Improving Critical
Infrastructure Cybersecurity (the “Framework”) in developing reports that ultimately
will be used to determine an Executive Branch cybersecurity plan. The Framework to be used by these agencies is
the same one that has been in place since 2014 as voluntary guidance to
businesses on the development of a risk-based approach for addressing and managing
cybersecurity risks. Notably, the EO
calls for the Executive Branch’s development and transition to a “modern,
secure, and more resilient executive branch IT [Information Technology] architecture,”
with a preference to procure shared IT services, including email, cloud and
The EO also calls for agencies to support the cybersecurity of
U.S. critical infrastructure, which is defined to include critical physical and
information infrastructures and networks in telecommunications, energy,
financial services, water, and transportation sectors. The EO also seeks to identify the
cybersecurity risks facing the Department of Defense (“DoD”) and the defense
industry base, including its supply chain, and to address the threats posed by
botnets and other automated, distributed cyber attacks.
- Cybersecurity remains a critical concern for
this administration. We should expect
that additional guidance and likely increased requirements will be issued to implement
better and more comprehensive cybersecurity in government and with regard to those
involved in national security, or other activities critical to the
accomplishment of the government’s missions.
- Given the President’s expressed intent to update
Executive Branch IT systems and services, it is likely that an Agency’s plans
to address cybersecurity needs will be factored into that Agency’s, and
ultimately, the President’s Executive Branch-wide, strategic, operational and
budgetary planning processes moving forward for FY 18 and beyond.
- As a government contractor, you should be
checking your systems to ensure compliance with the cybersecurity requirements
in your current contracts and subcontracts, and moving forward to ensure your
competitive status in future procurements.
- Cybersecurity is likely to create opportunities
for those with the best cybersecurity products, services and capabilities in
the coming months and years.
If you have questions about the Executive Order or the
requirements of current cybersecurity provisions, contact Susan Warshaw Ebner,
or your FortneyScott counsel.