Trump Issues Executive Order to Strengthen Cybersecurity and Critical Infrastructure

On
May 11, 2017, President Trump issued an Executive Order on “Strengthening the
Cybersecurity of Federal Networks and Critical Infrastructure” (“EO”).  The EO makes Executive Branch agency heads
responsible for ensuring the cybersecurity of their systems and
information.  It also directs these agencies
to report, plan and budget for improvements to the cybersecurity of their Federal
systems in order to adequately protect “the executive branch enterprise.”  The EO calls for agencies to apply the National
Institute of Standards and Technology (“NIST”) Framework for Improving Critical
Infrastructure Cybersecurity (the “Framework”) in developing reports that ultimately
will be used to determine an Executive Branch cybersecurity plan.  The Framework to be used by these agencies is
the same one that has been in place since 2014 as voluntary guidance to
businesses on the development of a risk-based approach for addressing and managing
cybersecurity risks.  Notably, the EO
calls for the Executive Branch’s development and transition to a “modern,
secure, and more resilient executive branch IT [Information Technology] architecture,”
with a preference to procure shared IT services, including email, cloud and
cybersecurity services.

The EO also calls for agencies to support the cybersecurity of
U.S. critical infrastructure, which is defined to include critical physical and
information infrastructures and networks in telecommunications, energy,
financial services, water, and transportation sectors.  The EO also seeks to identify the
cybersecurity risks facing the Department of Defense (“DoD”) and the defense
industry base, including its supply chain, and to address the threats posed by
botnets and other automated, distributed cyber attacks.

Takeaways:

  • Cybersecurity remains a critical concern for
    this administration. We should expect
    that additional guidance and likely increased requirements will be issued to implement
    better and more comprehensive cybersecurity in government and with regard to those
    involved in national security, or other activities critical to the
    accomplishment of the government’s missions.
  • Given the President’s expressed intent to update
    Executive Branch IT systems and services, it is likely that an Agency’s plans
    to address cybersecurity needs will be factored into that Agency’s, and
    ultimately, the President’s Executive Branch-wide, strategic, operational and
    budgetary planning processes moving forward for FY 18 and beyond.
  • As a government contractor, you should be
    checking your systems to ensure compliance with the cybersecurity requirements
    in your current contracts and subcontracts, and moving forward to ensure your
    competitive status in future procurements.
  • Cybersecurity is likely to create opportunities
    for those with the best cybersecurity products, services and capabilities in
    the coming months and years.

If you have questions about the Executive Order or the
requirements of current cybersecurity provisions, contact Susan Warshaw Ebner,
or your FortneyScott counsel.