Trump has a cybersecurity plan and it needs your help

Lloyd McCoy Jr.blog-eocyberBy Lloyd McCoy Jr., DOD manager

We got a sneak peek this week into what the Trump administration is thinking about with its cybersecurity strategy and it appears there won’t be a major departure from previous administrations.

The Washington Post obtained a copy of a draft executive order on strengthening U.S. cybersecurity and capabilities that President Trump was scheduled to sign yesterday, but the event was postponed.

What I was able to glean from the draft is that it reaffirms cybersecurity as a preeminent national interest and its emergence as a new domain, comparable to air, land, sea and space. In order to protect this interest, the order endorses the “full spectrum” of capabilities to defend U.S. cyber interests, suggesting a policy that embraces both cyber-defensive and offensive toolsets.

In line with the previous two administrations, the order also emphasized protecting both public and private critical infrastructure. While none of this is a major departure, there are a couple of provisions in the draft order that impact the IT community.

Cyber vulnerabilities review

The Trump administration calls for initial recommendations by March 30 of ways both national security systems (military and intelligence related) and public and private critical infrastructure can be better protected.

The unsigned executive order also asks agencies to compile a list of the most urgent vulnerabilities.

With a tight deadline looming ahead, government agencies will absolutely require industry input since they are often the ones on the frontlines defending against cyber threats to government networks and critical infrastructure assets. This is a good time to get in front of senior leaders across government and talk about not only where you see areas for improvement but also the tools you think the government needs to patch up critical vulnerabilities and address increasingly advanced threats.

Cyber adversaries review

The draft executive order also calls for a report on the identities, capabilities and vulnerabilities of the most common cyber adversaries to U.S. interests.

This suggests to me that we will see a continuation of policies focused on improving proactive or offensive responses to cyber-attacks. As a result, expect more demand for threat intelligence and mapping tools, as well as solutions that identify cyber vulnerabilities in adversaries.

Cyber capabilities and incentives

The last sections of the draft order call for the Department of Defense, the Department of Homeland Security and the National Security Agency, based on the Cyber Vulnerabilities and Cyber Adversaries reviews, to identify initial investments and best practices needed to shore up vulnerabilities in our critical infrastructure and any cyber threats affecting the government’s ability to perform its mission.

The administration is also looking for recommendations on ways the government can encourage private owners of critical infrastructure to “maximize protective measures.” As mentioned before, these reviews represent an opportunity for industry to get in front of government leaders and shape future requirements.

How the Trump administration will ultimately contrast with the previous policies on cybersecurity is unclear but at first glance, it looks like cybersecurity will remain front and center in terms of technology priorities. The scope of this draft order is vast, calling for cybersecurity reviews that crisscross civilian, military, intelligence and private sectors. Industry’s expertise, guidance and recommendations are needed here and more importantly, they will be a key determinant for future cyber investments. We’ll keep you updated on the administration’s cybersecurity strategy and other IT priorities.

For more insight on cybersecurity and Trump administration policies, reach out to immixGroup’s Market Intelligence team.

About Lloyd McCoy Jr.
Lloyd McCoy is the Department of Defense Consultant on the Market Intelligence team. Prior to working for immixGroup, he worked in the public sector as a senior analyst with the Defense Department. Lloyd primarily monitors and analyzes issues relating to the Navy/Marine Corps, Defense Health Agency, and the Defense Information Systems Agency

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: