President Trump has signed an executive order on cyber security that was originally expected to come soon after the inauguration. The order will initiate a review of the cyber security capabilities of the United States.
The review will include looking into the use of software used by the government provided by Russian cyber security provider Kaspersky Lab. US intelligence leaders have previously raised concerns that the software could be used to launch a nation-state cyber-attack on the US.
The sentiment was made clear when Florida Senator Marco Rubio asked a group of intelligence leaders whether they would use Kaspersky Lab software on their own computers, and ‘no’ was the resounding answer, led by director of national intelligence Dan Coats.
The order will now channel the responsibility for cyber risks to the head of federal agencies; this differs to the original draft to some extent. A 90 day period for reporting on risks is now required, and standards have been implemented by the National Institute for Standards and Technology that are to be followed.
Botnets have been extremely prominent, striking fear into executives of major organisations on a widespread basis, with the Mirai Botnet perhaps most responsible for this. This method of cyber-attack deployment is now set to go under specific review under this new executive order.
Federal cyber security will now be monitored more closely by the military, having gained a greater level of responsibility in this area, an option that the Obama administration chose not to put into place.
Kevin Bocek, Chief Cyber-Security Strategist at Venafi commented: “The Order on strengthening government’s cyber security defences should bring some focus to our efforts to protect our critical infrastructure. However, there needs to be less focus on the cyber security incidents of the past. To keep government agencies and businesses safe, the government orders and initiatives like this one need to be expanded to include threats that have the potential to impact us in the future. Cyber criminals are beginning to target cloud services, IoT devices and the wide range of new device types and applications businesses around the world employ.
This point made by Mr Bocek does raise the concern that the next greatest cyber threats such as IoT related attacks are not receiving enough attention. However the focus on botnets does indicate a close monitoring of cyber-attack trends.
Kevin Davis, VP of Public Sector, Splunk said: The President’s early focus on cyber is good for the public and private sector. Improving cybersecurity is one of the few items both sides of the aisle can reach across and agree on, and today’s executive order is a good, bipartisan step to better protect our government’s networks and critical infrastructure.