May 12, 2017

Takeaways from Trump's cybersecurity executive order

Evan Vucci / AP

President Trump's executive order on cybersecurity, signed on Thursday, was months in the making. It orders several broad reviews of the cybersecurity apparatuses of federal agencies, and pushes them to use a certain standards for managing their cybersecurity.

Why it matters: Federal agencies are fighting an uphill battle when it comes to data security. Most of them are using very old systems and have tight budgets, yet they are prime cyber-crime targets.

By the numbers: According to a recent federal edition of Thales Data Threat Report, 34% of federal respondents experienced a data breach in the last year and 65% experienced a data breach in the past. Almost all (96%) consider themselves 'vulnerable', with half (48%) stating they are 'very' or 'extremely' vulnerable.

Here are some key takeaways from cybersecurity experts we talked to:

  • The administration took its time. "The original deadline was to turn this around in 90 days," said Daniel Castro, Vice President of the Information Technology and Innovation Foundation, said in an email. "And now that the executive order is out, we see that it is mostly a plan for a plan." But he also said the order is "a much more mature draft than the one we saw back in late January."
  • It doesn't tap private sector expertise. "I think the biggest weakness of it might be that is is really drawing heavily from government to implant the plan," said Castro in an interview, noting in his email that the "policies in this order lean heavily on the government for ideas and implementation rather than a public-private partnership approach." The private sector has its place in the order, though. The administration says it will look to companies for help with botnets and the order references the new American Technology Council.
  • Calls for IT modernization: "Trying to implement security on old, often obsolete technology is both difficult and expensive, and with limited IT talent available would be throwing good money after bad," said Steve Grobman, McAfee's Chief Technology Officer.
  • Consistency with previous plans: "It's great that we're not seeing a massive sway in policy from one administration to another. That continuity, and building upon areas that had gaps, is consistent with bipartisan approaches since the Bush administration," said Ryan Gillis, VP of Cybersecurity Strategy and Global Policy at Palo Alto Networks.
  • Tall order for agencies: "Moving government agencies to shared services and IT modernization alone are huge action items," Gillis said.
  • Cultural shift in approach to cyber: "We've never had an executive order require all federal agencies to apply NIST [standards] to their entire organization" and build a comprehensive risk and mitigation report, said Mike Shultz, CEO of Cybernance. "The 90-day deadline is a huge lift for an order that requires a cultural shift down to the DNA level of how we view cyber risk."
  • Budget uncertainty: Who's going to foot the bill for taking additional cybersecurity steps? "The right words are in there — that agencies should align budget planning with risk assessments — but the devil will begin the details," said Rear Admiral (ret.) David Simpson, cybersecurity consultant and former FCC Public Safety and Homeland Security Bureau Chief. "At least we'll be having adult conversations about the gap between what agency officials say and where they're actually putting their money."

The bottom line: Like most executive orders, this one didn't lay out a comprehensive plan. Still, it's a starting point with direction that feds had been waiting for from the White House as they deal with mounting cybersecurity challenges.

Go deeper

Hungary's Viktor Orbán granted sweeping powers amid coronavirus crisis

Viktor Orbán. Photo: Michal Cizek/AFP via Getty Images

Hungary's parliament passed a law Monday to allow Prime Minister Viktor Orbán almost unlimited power, for an indefinite period, to fight the coronavirus outbreak.

Why it matters: Hungary has taken a sharply authoritarian turn over the past decade under Orbán, and its likely that he and other strongman leaders around the world will seek to maintain powers they gain during the current crisis long after it's over.

Go deeperArrow34 mins ago - World

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 9:30 a.m. ET: 737,929 — Total deaths: 35,019 — Total recoveries: 156,507.
  2. U.S.: Leads the world in cases. Total confirmed cases as of 9:30 a.m. ET: 143,055 — Total deaths: 2,513 — Total recoveries: 4,865.
  3. Federal government latest: The White House will extend its social distancing guidelines until April 30.
  4. Trump latest: The president brushed aside allegations that China is spreading misinformation about the origin of the coronavirus on "Fox & Friends."
  5. Business updates: Americans are calm about their retirement savings despite coronavirus fallout.
  6. World updates: Israeli Prime Minister Benjamin Netanyahu will self-isolate after an aide tested positive for coronavirus.
  7. What should I do? Answers about the virus from Axios expertsWhat to know about social distancingQ&A: Minimizing your coronavirus risk
  8. Other resources: CDC on how to avoid the virus, what to do if you get it.

Subscribe to Mike Allen's Axios AM to follow our coronavirus coverage each morning from your inbox.

BIG3 to create a hybrid reality show about quarantine basketball

Illustration: Aïda Amer/Axios

Sports are on pause, and there's no timetable for their return. In the interim, leagues, teams and athletes are getting creative with ways to keep fans engaged.

The latest: A "quarantined reality show basketball tournament," courtesy of the BIG3, the upstart 3-on-3 basketball league founded by Ice Cube and his longtime business partner Jeff Kwatinetz.