Evan Vucci / AP

President Trump's executive order on cybersecurity, signed on Thursday, was months in the making. It orders several broad reviews of the cybersecurity apparatuses of federal agencies, and pushes them to use a certain standards for managing their cybersecurity.

Why it matters: Federal agencies are fighting an uphill battle when it comes to data security. Most of them are using very old systems and have tight budgets, yet they are prime cyber-crime targets.

By the numbers: According to a recent federal edition of Thales Data Threat Report, 34% of federal respondents experienced a data breach in the last year and 65% experienced a data breach in the past. Almost all (96%) consider themselves 'vulnerable', with half (48%) stating they are 'very' or 'extremely' vulnerable.

Here are some key takeaways from cybersecurity experts we talked to:

  • The administration took its time. "The original deadline was to turn this around in 90 days," said Daniel Castro, Vice President of the Information Technology and Innovation Foundation, said in an email. "And now that the executive order is out, we see that it is mostly a plan for a plan." But he also said the order is "a much more mature draft than the one we saw back in late January."
  • It doesn't tap private sector expertise. "I think the biggest weakness of it might be that is is really drawing heavily from government to implant the plan," said Castro in an interview, noting in his email that the "policies in this order lean heavily on the government for ideas and implementation rather than a public-private partnership approach." The private sector has its place in the order, though. The administration says it will look to companies for help with botnets and the order references the new American Technology Council.
  • Calls for IT modernization: "Trying to implement security on old, often obsolete technology is both difficult and expensive, and with limited IT talent available would be throwing good money after bad," said Steve Grobman, McAfee's Chief Technology Officer.
  • Consistency with previous plans: "It's great that we're not seeing a massive sway in policy from one administration to another. That continuity, and building upon areas that had gaps, is consistent with bipartisan approaches since the Bush administration," said Ryan Gillis, VP of Cybersecurity Strategy and Global Policy at Palo Alto Networks.
  • Tall order for agencies: "Moving government agencies to shared services and IT modernization alone are huge action items," Gillis said.
  • Cultural shift in approach to cyber: "We've never had an executive order require all federal agencies to apply NIST [standards] to their entire organization" and build a comprehensive risk and mitigation report, said Mike Shultz, CEO of Cybernance. "The 90-day deadline is a huge lift for an order that requires a cultural shift down to the DNA level of how we view cyber risk."
  • Budget uncertainty: Who's going to foot the bill for taking additional cybersecurity steps? "The right words are in there — that agencies should align budget planning with risk assessments — but the devil will begin the details," said Rear Admiral (ret.) David Simpson, cybersecurity consultant and former FCC Public Safety and Homeland Security Bureau Chief. "At least we'll be having adult conversations about the gap between what agency officials say and where they're actually putting their money."

The bottom line: Like most executive orders, this one didn't lay out a comprehensive plan. Still, it's a starting point with direction that feds had been waiting for from the White House as they deal with mounting cybersecurity challenges.

Go deeper

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 12 p.m. ET: 10,920,457 — Total deaths: 522,385 — Total recoveries — 5,789,032Map.
  2. U.S.: Total confirmed cases as of 12 p.m. ET: 2,753,754 — Total deaths: 128,871 — Total recoveries: 781,970 — Total tested: 33,462,181Map.
  3. Public health: The states where face coverings are mandatory Fauci says it has been a "very disturbing week" for the spread of the coronavirus in the U.S.
  4. Business: Top business leaders urge the White House to develop mandatory mask guidelines.
  5. Economy: The economy may recover just quickly enough to kill political interest in more stimulus.
  6. States: Florida reports more than 10,000 new coronavirus cases, and its most-infected county issues curfew.
3 hours ago - Sports

Washington Redskins to review team name amid public pressure

Photo: Patrick McDermott/Getty Images

The Washington Redskins have announced they will be conducting a review of the team's name after mounting pressure from the public and corporate sponsors.

Why it matters: This review is the first formal step the Redskins are taking since the debate surrounding the name first began. It comes after weeks of discussions between the team and the NFL, the team said.

Scoop: Instacart raises another $100 million

Illustration: Sarah Grillo/Axios Visuals

Grocery delivery company Instacart has raised $100 million in new funding, on top of the $225 million it announced last month, the company tells Axios. This brings its valuation to $13.8 billion.

Why it matters: This funding comes at what could be an inflection point for Instacart, as customers it acquired during coronavirus lockdowns decide whether they want to continue with the service or resume in-person grocery shopping.