Evan Vucci / AP

President Trump's executive order on cybersecurity, signed on Thursday, was months in the making. It orders several broad reviews of the cybersecurity apparatuses of federal agencies, and pushes them to use a certain standards for managing their cybersecurity.

Why it matters: Federal agencies are fighting an uphill battle when it comes to data security. Most of them are using very old systems and have tight budgets, yet they are prime cyber-crime targets.

By the numbers: According to a recent federal edition of Thales Data Threat Report, 34% of federal respondents experienced a data breach in the last year and 65% experienced a data breach in the past. Almost all (96%) consider themselves 'vulnerable', with half (48%) stating they are 'very' or 'extremely' vulnerable.

Here are some key takeaways from cybersecurity experts we talked to:

  • The administration took its time. "The original deadline was to turn this around in 90 days," said Daniel Castro, Vice President of the Information Technology and Innovation Foundation, said in an email. "And now that the executive order is out, we see that it is mostly a plan for a plan." But he also said the order is "a much more mature draft than the one we saw back in late January."
  • It doesn't tap private sector expertise. "I think the biggest weakness of it might be that is is really drawing heavily from government to implant the plan," said Castro in an interview, noting in his email that the "policies in this order lean heavily on the government for ideas and implementation rather than a public-private partnership approach." The private sector has its place in the order, though. The administration says it will look to companies for help with botnets and the order references the new American Technology Council.
  • Calls for IT modernization: "Trying to implement security on old, often obsolete technology is both difficult and expensive, and with limited IT talent available would be throwing good money after bad," said Steve Grobman, McAfee's Chief Technology Officer.
  • Consistency with previous plans: "It's great that we're not seeing a massive sway in policy from one administration to another. That continuity, and building upon areas that had gaps, is consistent with bipartisan approaches since the Bush administration," said Ryan Gillis, VP of Cybersecurity Strategy and Global Policy at Palo Alto Networks.
  • Tall order for agencies: "Moving government agencies to shared services and IT modernization alone are huge action items," Gillis said.
  • Cultural shift in approach to cyber: "We've never had an executive order require all federal agencies to apply NIST [standards] to their entire organization" and build a comprehensive risk and mitigation report, said Mike Shultz, CEO of Cybernance. "The 90-day deadline is a huge lift for an order that requires a cultural shift down to the DNA level of how we view cyber risk."
  • Budget uncertainty: Who's going to foot the bill for taking additional cybersecurity steps? "The right words are in there — that agencies should align budget planning with risk assessments — but the devil will begin the details," said Rear Admiral (ret.) David Simpson, cybersecurity consultant and former FCC Public Safety and Homeland Security Bureau Chief. "At least we'll be having adult conversations about the gap between what agency officials say and where they're actually putting their money."

The bottom line: Like most executive orders, this one didn't lay out a comprehensive plan. Still, it's a starting point with direction that feds had been waiting for from the White House as they deal with mounting cybersecurity challenges.

Go deeper

Updated 12 mins ago - Politics & Policy

Trump says he will announce Supreme Court pick on Saturday

Photo: Mandel Ngan/AFP via Getty Images

President Trump tweeted Tuesday that he plans to announce his Supreme Court pick on Saturday. He later told reporters that the announcement will come at 5 p.m.

Why it matters: Republicans are moving fast to replace the late Justice Ruth Bader Ginsburg, which would tilt the balance of the high court in conservatives' favor and have lasting impact on climate policy, immigration and the Affordable Care Act.

Erica Pandey, author of @Work
42 mins ago - Economy & Business

Remote work won't kill your office

Illustration: Eniola Odetunde/Axios

We can officially declare the 9-to-5, five-days-a-week, in-office way of working dead. But offices themselves aren't dead. And neither are cities.

The big picture: Since the onset of pandemic-induced telework, companies have oscillated between can't-wait-to-go-back and work-from-home-forever. Now, it's becoming increasingly clear that the future of work will land somewhere in the middle — a remote/in-person hybrid.

FBI: Foreign actors likely to sow disinformation about delays in election results

Photo: Chip Somodevilla/Getty Images

The FBI and Cybersecurity and Infrastructure Security Agency released a public service announcement on Tuesday warning that mail-in ballots "could leave officials with incomplete results on election night," and that foreign actors are likely to spread disinformation about the delays.

The bottom line: The agencies called on the public to "critically evaluate the sources of the information they consume and to seek out reliable and verified information from trusted sources," including state and local election officials.

Get Axios AM in your inbox

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Subscription failed
Thank you for subscribing!