Trump signs cyber order


President Donald Trump finally signed his long-anticipated cybersecurity executive order on May 11. The measure is broadly similar to drafts that have been circulating for months.

The order directs federal agencies to adopt the National Institute of Standards and Technology cybersecurity framework, and includes recommendations from a number of other high-level reports.

The document focuses on increasing cybersecurity of federal networks, securing critical infrastructure, deterring cyber threats and building international alliances are the pillars of the Trump administration's cyber strategy.

"It is something we have asked the private sector to implement and not forced upon ourselves," said Tom Bossert, White House homeland security and counterterrorism advisor said at a White House briefing announcing the execution of the order. "From this point forward departments and agencies shall practice what we preach." 

The order directs agency heads to assume responsibility for cybersecurity at their agencies and to provide the White House and Department of Homeland Security with risk mitigation assessments as part of a new federal enterprise risk management approach. Agencies will be required to identify both existing risk and known unmitigated risk.

"DHS and Secretary [John] Kelly will play a large and leading role in this effort," Bossert said of the effort to move to a federal enterprise view. He added that, "from this point forward, the president has issued a preference from today forward in federal procurement of federal IT for shared services." 

Innovation and modernization will take place in parallel with risk management and cybersecurity. "We can't promote innovation without first thinking through risk reduction," he said.

"There's always going to be risk," Bossert said about moving to cloud. "I'm not here to promote for you that the president has signed an executive order and created a cyber secure world and a fortress U.S.A.  That's not the answer, but if we don't move secure services and shared services, we're going to be behind the eight-ball for a very long time."

The modernization effort will be led by the newly created American Technology Council, based at the White House.

The second chapter of the order focuses on protecting critical infrastructure.

"The executive order not only requires [DHS] departments and agencies to help those critical infrastructure owners and operators…but to do it in a proactive sense," said Bossert.

Bossert argued that past administrations had commissioned reports and received recommendations, but had not acted. This executive order is "tilt towards action," he said.

"A lot of progress was made in the last administration but not nearly enough," said Bossert. "I think we're going to change that."

The order went through several drafts in recent months, and one provision caused concern when it initially leaked -- a call for the private sector to take steps to eliminate botnets.

Some in industry reacted with concern that the order was going to mandate action to eliminate botnets, but Bossert stated the language in the order calls for voluntary action.

The third section of the executive order focuses on creating a deterrence policy and developing international partnerships and norms.

"We need to establish the rules of the road for proper behavior on the internet, but we also then need to deter those who don't want to abide by those rules," and that deterrence policy needs to be formalized said Bossert.

"I think the last administration should have done that, had an obligation to do that and didn't," he said.

About the Author

Sean Carberry is an FCW staff writer covering defense, cybersecurity and intelligence. Prior to joining FCW, he was Kabul Correspondent for NPR, and also served as an international producer for NPR covering the war in Libya and the Arab Spring. He has reported from more than two-dozen countries including Iraq, Yemen, DRC, and South Sudan. In addition to numerous public radio programs, he has reported for Reuters, PBS NewsHour, The Diplomat, and The Atlantic.

Carberry earned a Master of Public Administration from the Harvard Kennedy School, and has a B.A. in Urban Studies from Lehigh University.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.


  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group