After a torrid start to his administration in terms of tech issues, US President Donald Trump has signed a presidential order to strengthen the government’s computer infrastructure from cyber attacks.
“To truly make America safe, we truly have to make cybersecurity a major priority,” says Trump, claiming that America’s information technology network has been left vulnerable.
Looming large in Trump’s mind perhaps is the unending and even escalating rumours about the alleged Russian hacking of the US presidential elections.
US security services are convinced that Russian President Vladimir himself ordered an “influence campaign” during the election, and some believe that that campaign eventually led to the election of the Republican Trump to the White House.
Democrat Hillary Clinton was widely expected to win the election but computers at her party’s campaign headquarters were believed to have been hacked by the Russians.
Information which may have been acquired from those hacks were released to the public in dribs and drabs and this is said to have damaged Clinton’s campaign.
To compound Clinton’s problems, the then FBI director James Comey launched an investigation into her handling of classified emails while she was US secretary of state during the previous administration of President Barack Obama.
Clinton kept her emails on a private server, which is said to have been less secure than government servers.
And although Comey’s investigation largely cleared Clinton of wrongdoing, the timing of the investigation – just days before the voting took place in the presidential election – may have affected the way people voted.
The public mood was difficult to judge during the latter stages of the election, with opinion polls suggesting it could go either way – after months of showing that Clinton would win comfortably.
The leaks which may or may not have been the work of Russian hackers are claimed to have resulted in a Trump win – something Putin is said to have preferred.
Meanwhile, the Kremlin, Russia’s governmental headquarters, has always denied any spying, and Putin did not meet Trump on the US president’s recent visit to the country, preferring instead to schedule a get-together in Germany at a later date.
In any case, Russia is not the only country which could be taking advantage of any supposed vulnerabilities in the US cyber security infrastructure.
Given that most hackers act under anonymity, who knows which country or group they represent – if any at all.
But whoever is to blame, the end result, says the White House, is that “the United States has been left vulnerable to destructive attacks through cyberspace”.
The Federal Government, as a large and lucrative target for electronic criminals and foreign agents, has been a victim of cyber intrusions for years, adds the White House in a statement.
“The cybersecurity of critical American network infrastructure – public and private alike – is under constant attack from both foreign and domestic sources,” says the White House. “On a daily basis we receive new reports of major corporations in the United States have been hacked by foreign-based threats.”
Trump had spoken of his concerns about the US government’s IT infrastructure while still a candidate.
“The scope of our cybersecurity problem is enormous,” said Trump. “Our government, our businesses, our trade secrets and our citizens’ most sensitive information are all facing constant cyberattacks and review by the enemy.”
Trump’s cyber security order essentially makes cyber security a top priority for the federal government.
And, as detailed in the statement by the White House, specific actions include:
- Requiring all agencies to use the industry-standard NIST Cybersecurity Framework to manage their cybersecurity risks;
- Requiring all agencies to prefer shared IT services in all future procurements, to the maximum extent allowed under the law;
- Requiring all agencies to explicitly document their cybersecurity risk mitigation and acceptance choices, including any decisions to not mitigate known vulnerabilities in a timely manner, and describe their action plan in a report to implement the Framework, in a report to the Department of Homeland Security and Office of Management and Budget;
- Requiring the Secretary of DHS and the Director of OMB to evaluate the totality of these reports to comprehensively assess the adequacy of the Federal Government’s overall cybersecurity risk management posture and propose changes in law, policy, and budgeting to protect adequately the executive branch enterprise;
- Requiring the Secretary of Defense and the Director of National Intelligence to undertake comparable efforts for national security systems; and
- Enabling the White House’s American Technology Council to launch a process of planning for the deliberate modernization of Federal IT, including the technical feasibility and cost effectiveness of transitioning agencies to one or more consolidated network architectures and shared services such as email.
Trump issued other guidelines for the government’s co-operation with industry on protecting critical national infrastructure, as well as defence and deterrence postures.
But in summary, this looks like a root-and-branch review of all cyber security procedures and practices in the US government.