Pages

18 February 2017

Pinpointing trouble spots in Trump’s cybersecurity executive order

By TIM STARKS

CYBER EO SCUTTLEBUTT — More people are circulating the latest draft of the Trump administration’s upcoming cybersecurity executive order. POLITICO has now received an identical draft from multiple sources both in and out of government, firming up the details we reported Tuesday night.

One section on botnets — infected networks of electronic devices digital attackers use to launch massive attacks — has caught the eye of private companies, according to those who work with the firms. The draft order directs the Commerce Department to work with companies behind “core communications infrastructure” to identify what actions they can take to better secure their networks. But the passage has concerned some who feel the language misses the point of botnets, which affect electronic devices across a wide range of industries. For instance, the recent cyberattack that made high-profile websites like The New York Times and Spotify unreachable relied on a hijacked network of internet-connected devices — such as cameras and baby monitors — to flood Dyn, a top domain name service provider, with fake traffic.

Yet others were optimistic about the draft order’s instructions to investigate where the government can consolidate its networks and move to shared IT services, such as email. And everyone who reviewed it agreed the latest text is a considerable improvement from an early draft that circulated.

Still, there may be lingering concerns about whether the order will clash with existing data security laws, such as the Federal Information Security Management Act, or FISMA. The draft order is largely focused on delineating the Office of Management and Budget’s cyber role. But FISMA already lays out OMB’s oversight authority over federal agencies’ cybersecurity practices. It’s unclear how the order would interact with FISMA. President Donald Trump is still expected to sign the order by week’s end.

No comments:

Post a Comment