On May 11, the U.S. Department of Homeland Security released a statement on the president’s recent cybersecurity executive order.
The Executive Order signed by the president today, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, follows through on a key campaign promise made to the American people. It reaffirms the important role the Department of Homeland Security (DHS) plays in strengthening the security and resilience of federal networks and the nation’s critical infrastructure.
“Our nation’s economic and national security rely on a safe, secure, and reliable cyber space,” said Secretary of Homeland Security John Kelly. “DHS has long been a leader in protecting our nation against cyber threats and this executive order reaffirms our central role in ongoing cybersecurity efforts. We have developed strong operational relationships with our government partners to protect federal civilian networks and have established trusted partnerships with the private sector to improve the cybersecurity of the nation’s critical infrastructure.”
The Executive Order, which builds on DHS’s legal authorities, directs the department to assess and report on a number of key actions in order to secure federal networks. While each department or agency is responsible for the cybersecurity of its networks, DHS leads these efforts and ensures a baseline level of security across the civilian executive branch. The Executive Order bolsters this work by:
- Directing agency heads to immediately use the National Institute of Standards and Technology (NIST) Cybersecurity Framework for risk management, and to provide within 90 days a risk management report to DHS and the Office of Management and Budget (OMB) on the implementation of the framework and risk management strategies employed by the department or agency.
- Directing DHS and OMB to assess federal agencies’ cybersecurity risk management strategies in order to determine the adequacy of cyber protections across federal networks and identify any unmet budgetary or policy needs.
- Directing DHS and OMB to provide a plan to the president, within 60 days of receiving the agency reports, on how to protect the executive branch enterprise.
- Directing DHS and other agencies to provide the president with a report within 90 days on the technical feasibility to transition all agencies to one or more consolidated network architectures and shared IT services.
The Executive Order also enhances the department’s ability to support the cybersecurity efforts of the nation’s critical infrastructure owners and operators. This includes:
- Directing DHS to lead the coordination with other departments and agencies to identify federal resources and capabilities best suited to protect critical infrastructure where a cyber incident could have catastrophic effects.
- Directing DHS and the Department of Commerce to provide a report within 90 days to the president on how best to promote market transparency of cyber risk management practices by critical infrastructure entities.
- Directing DHS and the Department of Commerce to lead efforts to improve the resilience of the nation’s core communications infrastructure; providing a preliminary report within 240 days and a final report within one year.
- Enhancing DHS’ partnership with the Department of Energy to assess the resilience of the electric grid and provide an assessment within 90 days of any gaps in the security of the nation’s electric subsector.
- Directing DHS, the Department of Defense and the Federal Bureau of Investigation to provide a report within 90 days to the president assessing the cybersecurity of the defense industrial base.
The Internet is part of the underpinning of the American economy, and the Executive Order affirms that it is the policy of the United States to promote an open, interoperable, reliable and secure Internet. In furtherance of this policy, the Executive Order:
- Directs an interagency team, including DHS, to submit a report within 90 days to the president on the nation’s strategic options for deterring adversaries and better protecting the American people from threats in cyberspace.
- Directs an interagency team, including DHS, to submit a report within 45 days on international cybersecurity priorities; and within 90 days of the submission of the priorities report, develop an international cybersecurity engagement strategy.
- Directs DHS and Department of Commerce to lead coordination with other agencies and submit a report within 120 days the findings and recommendations to support the growth and sustainment of the Nation’s cybersecurity workforce.
Strengthening the security and resilience of cyberspace is an important part of the homeland security mission. The president’s Executive Order builds upon existing capabilities and authorities while strengthening the department’s ability to carry out its mission of protecting federal networks, supporting critical infrastructure owners and operators, and ensuring an open and reliable Internet for all Americans.