24 Mar Preparing for Trump’s Anticipated Cybersecurity Executive Order
By Bob Heckman, CISO
There has been much discussion in the media and around the Beltway about what President Trump’s anticipated executive order on cybersecurity will include. Last week, Mike Orcutt, an editor with the MIT Technology Review, wrote an article on the subject, “Sizing Up Trump’s Cyberwar Strategy.” He made some interesting points, and I commented on the article with the following:
The appointment of a Federal CISO would be a great start – it would help with standardizing the tools, technologies, efforts, guidelines, budgets, etc. necessary to bring less mature organizations up to an acceptable level.
DoD and the IC have been dealing with sophisticated threats for years so sharing those experiences, lessons learned, and tools with Federal Civilian agencies could only help the situation. Improved information sharing on things like threats and TTPs between Federal organizations and industry would also be a big help – for example, the work the DoD Defense Industrial Base (DIB) Collaborative Information Sharing Environment (DCISE) has done to improve cyber intelligence sharing between DoD and the contracting firms supporting the Department. Similar CISEs should be established across all critical infrastructure and private sectors where possible to share cyber-related information and improve the security of the overall community.
It would also be a great idea to encourage manufacturers and service providers to provide products that are secure by design/out of the box. DoD has been using DISA STIGs to harden its systems for years. Wouldn’t it be a great idea to harden Grandma’s Surface Pro before she opens it on her birthday? A lot of work needs to happen to raise awareness and create a culture of cybersecurity across the U.S. – including Government, Industry, and individual citizens.
I would be interested in hearing what you think.