Get the latest market trends in your inbox

Stay on top of the latest market trends and economic insights with the Axios Markets newsletter. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Evan Vucci / AP

President Trump's executive order on cybersecurity, signed on Thursday, was months in the making. It orders several broad reviews of the cybersecurity apparatuses of federal agencies, and pushes them to use a certain standards for managing their cybersecurity.

Why it matters: Federal agencies are fighting an uphill battle when it comes to data security. Most of them are using very old systems and have tight budgets, yet they are prime cyber-crime targets.

By the numbers: According to a recent federal edition of Thales Data Threat Report, 34% of federal respondents experienced a data breach in the last year and 65% experienced a data breach in the past. Almost all (96%) consider themselves 'vulnerable', with half (48%) stating they are 'very' or 'extremely' vulnerable.

Here are some key takeaways from cybersecurity experts we talked to:

  • The administration took its time. "The original deadline was to turn this around in 90 days," said Daniel Castro, Vice President of the Information Technology and Innovation Foundation, said in an email. "And now that the executive order is out, we see that it is mostly a plan for a plan." But he also said the order is "a much more mature draft than the one we saw back in late January."
  • It doesn't tap private sector expertise. "I think the biggest weakness of it might be that is is really drawing heavily from government to implant the plan," said Castro in an interview, noting in his email that the "policies in this order lean heavily on the government for ideas and implementation rather than a public-private partnership approach." The private sector has its place in the order, though. The administration says it will look to companies for help with botnets and the order references the new American Technology Council.
  • Calls for IT modernization: "Trying to implement security on old, often obsolete technology is both difficult and expensive, and with limited IT talent available would be throwing good money after bad," said Steve Grobman, McAfee's Chief Technology Officer.
  • Consistency with previous plans: "It's great that we're not seeing a massive sway in policy from one administration to another. That continuity, and building upon areas that had gaps, is consistent with bipartisan approaches since the Bush administration," said Ryan Gillis, VP of Cybersecurity Strategy and Global Policy at Palo Alto Networks.
  • Tall order for agencies: "Moving government agencies to shared services and IT modernization alone are huge action items," Gillis said.
  • Cultural shift in approach to cyber: "We've never had an executive order require all federal agencies to apply NIST [standards] to their entire organization" and build a comprehensive risk and mitigation report, said Mike Shultz, CEO of Cybernance. "The 90-day deadline is a huge lift for an order that requires a cultural shift down to the DNA level of how we view cyber risk."
  • Budget uncertainty: Who's going to foot the bill for taking additional cybersecurity steps? "The right words are in there — that agencies should align budget planning with risk assessments — but the devil will begin the details," said Rear Admiral (ret.) David Simpson, cybersecurity consultant and former FCC Public Safety and Homeland Security Bureau Chief. "At least we'll be having adult conversations about the gap between what agency officials say and where they're actually putting their money."

The bottom line: Like most executive orders, this one didn't lay out a comprehensive plan. Still, it's a starting point with direction that feds had been waiting for from the White House as they deal with mounting cybersecurity challenges.

Go deeper

Dave Lawler, author of World
2 hours ago - World

Venezuela's predictable elections herald an uncertain future

The watchful eyes of Hugo Chávez on an election poster in Caracas. Photo: Cristian Hernandez/AFP via Getty

Venezuelans will go to the polls on Sunday, Nicolás Maduro will complete his takeover of the last opposition-held body, and much of the world will refuse to recognize the results.

The big picture: The U.S. and dozens of other countries have backed an opposition boycott of the National Assembly elections on the grounds that — given Maduro's tactics (like tying jobs and welfare benefits to voting), track record, and control of the National Electoral Council — they will be neither free nor fair.

Biden plans to ask public to wear masks for first 100 days in office

Joe Biden. Photo: Mark Makela/Gettu Images

President-elect Joe Biden told CNN on Thursday that he plans to ask the American public to wear face masks for the first 100 days of his presidency.

The big picture: Biden also stated he has asked NIAID director Anthony Fauci to stay on in his current role, serve as a chief medical adviser and be part of his COVID-19 response team when he takes office early next year.