The White House issues Executive Order on cybersecurity

The White House issues Executive Order on cybersecurity

"A year after the White House eliminated the position of cybersecurity coordinator, President Donald Trump called for everyone else to do the opposite and push cybersecurity coordination through worker training and recruitment."

"America built the internet and shared it with the world; now we will do our part to secure and preserve cyberspace for future generations," said Trump in a statement Thursday.

Advertisement

The Executive Order calls for supporting cyber workforce mobility between the private and public sector, without addressing how that will be accomplished. It calls for more training opportunities, for recognizing cybersecurity talent and holding agency heads accountable for risk management.

It directs the Secretary of Homeland Security to create a cybersecurity job rotation program, so government IT security professionals have an opportunity to learn from and share knowledge with different agencies.

The order calls for the use of the National Initiative for Cybersecurity Education (NICE) and NIST's Cybersecurity Workforce Framework to gauge the skills of industry practitioners and instructs the Director of the Office of Personnel Management (OPM) to compile a list of cybersecurity aptitude tests that agencies can use to evaluate practitioners.

Advertisement
SmartThings Monitor Your Home or Office while away at SmartHome.com Order here!

There's also to be a Workforce Report to evaluate and make recommendations about government cybersecurity goals and talent development.

This might not end well

Then there's the Cup. The order demands a plan for an annual tournament, called the President's Cup Cybersecurity Competition (PCCC), which will be open to government employees and armed service members.

"The goal of the competition shall be to identify, challenge, and reward the United States Government’s best cybersecurity practitioners and teams across offensive and defensive cybersecurity disciplines," the Executive Order says.

There are to be individual and team events for various sorts of hacking, with cash awards of not less than $25,000. The first PCCC is to be held before the end of this year.

Katie Moussouris, founder and CEO of Luta Security, told us that the competition could be tricky to implement.

"From the experience running the BlueHat Prize competition for $250,000 in defensive research, we were forced by gaming law to restrict what we could consider based on the exact rules we published and didn't get to see some of the entries as a result," she said.

But Moussouris said overall the Executive Order is a good move, so long as it helps fill in the gaps where talent is scarce. Pointing to her Congressional testimony on the subject last year, she stressed the need for defense and maintenance.

"Our love affair and obsession with offense security skills can't overtake our practical workforce needs to prevent as many issues as possible and create a workforce of secure builders and maintainers, not just bug hunters," she said.

In a statement to the VP of security strategy and threat intelligence at security biz Venafi, said the Executive Order represents a positive step toward addressing cybersecurity threats. But he contends that acknowledging the need to address these threats isn't enough.

Advertisement

"It’s especially noteworthy that this new directive concentrates on addressing the US federal government’s lack of competitiveness when attracting and retaining talent," said Bocek. "If the government wants to recruit the greatest minds in cybersecurity, it must make sure our tools and technology are the best in the world and demonstrate their commitment to success by partnering with industry on key policy questions."

For example, Bocek urged the Trump administration to adopt the advice of industry experts and commit to not supporting encryption backdoors in consumer technology.

In March, the US Navy issued its Cybersecurity Readiness Review, in which it warned that the Navy "is preparing to win some future kinetic battle, while it is losing the current global, counter-force, counter-value, cyber war."

The Navy's cyber SOS was ignored earlier this week when Vice President Mike Pence told Navy personnel aboard the aircraft carrier USS Harry S. Truman that the aging ship will not be mothballed in 2025, something the Navy proposed in its 2020 budget. It's estimated that Navy would have saved $20bn over the coming three decades by retiring the vessel.

Those funds could have gone toward cybersecurity or other more modern systems of interest to the Navy. Now at least Navy personnel will have some motivation to try for the PCCC prize money. ®

#cybersecurity

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

back to top

Popular Cyber News

Top Tips to Protect Your Business Against Social Media Mistakes

Top Tips to Protect Your Business Against Social Media Mistakes

11 May, 2019

Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or ...

Study Shows Extent of Cyber Risk

Study Shows Extent of Cyber Risk

10 May, 2019

A new study shows SMBs face greater security exposure, but large companies still support vulnerable systems as well. ...

How to Secure your Azure Storage accounts

How to Secure your Azure Storage accounts

14 May, 2019

Enterprise data is growing exponentially and becoming more complicated, making it harder to manage, and an even bigger c...

Vodafone is Challenging Huawei Report of Telnet 'Backdoor'

Vodafone is Challenging Huawei Report of Telnet 'Backdoor'

01 May, 2019

Vodafone is challenging a Bloomberg report that security vulnerabilities and backdoors within Huawei networking equipmen...

Malware: Doesn't need to be new to cause serious damage

Malware: Doesn't need to be new to cause serious damage

05 May, 2019

The good news is: The development of new malware exploits has slowed significantly.

Microsoft adds Plug and Play to IoT

Microsoft adds Plug and Play to IoT

03 May, 2019

Microsoft just announced that it wants to add the advantages of Plug and Play, which allows you to plug virtually any pe...

Twitch streamers take action to secure their accounts against hacks

Twitch streamers take action to secure their accounts against hacks

30 April, 2019

Twitch has an account hacking problem.

Over 22 billion IoT devices are out there

Over 22 billion IoT devices are out there

20 May, 2019

Enterprise Internet of Things (IoT) remains the leading segment, accounting for more than half of the market, with mobil...

Lessons learnt from cyber attacks

Lessons learnt from cyber attacks

07 May, 2019

Communication about cyber attacks emerged as another key theme in the panel discussion. The SingHealth data breach under...

Categories

Home Tech Reviews UK

Mobile Tech Reviews UK

×

Sign up to keep in touch!

Be the first to hear th latest Cyber and Tech News straight to your mailbox.

Check out our Privacy Policy & Terms of use
You can unsubscribe from email list at any time