In the wake of his draft cyber review memo leaking last week, President Donald Trump is set to meet with cybersecurity professionals Tuesday afternoon before signing an executive order detailing federal agencies' responsibilities for protecting the nation's networks.
"The idea on the executive order the president hopes to sign today is that it will establish that henceforth, the president will hold the heads of federal agencies accountable for managing their cyber risk," an administration official said, offering a preview of the order on background.
The order itself won't include any new proposals – it puts the onus on agency IT managers and CIOs to protect their systems; directs agencies to adhere to NIST's cybersecurity framework; and gives the Office of Management and Budget authority to set policy and monitor security across the executive branch.
This final point builds on work done toward the end of the Obama administration, with the appointment of a federal chief information security officer (CISO) within OMB, reporting to the Federal CIO, charged with setting broad cybersecurity policy.
The first Federal CISO, Gregory Touhill, spent only a few months in the job before leaving public service just before inauguration.
"What we're asking now is for the OMB director to run an effort – or to lead an effort – to then assess the enterprise risk to the entire federal government," the official said.
The order will also harken back to another late Obama administration initiative: the Modernizing Government Technology Act, a version of which passed the House in September but languished in the Senate. While it was not clear whether the exact legislation would be revived, the Trump administration said it plans to make IT modernization a key part of its cybersecurity posture.
"This order also directs the agency heads to begin to plan for the deliberate modernization of the federal executive branch IT," the official said. "Working with the assistant to the president for intergovernmental affairs and technology initiatives, this will be critical, and it's a long overdue step, important to the ability to secure our networks and data."
The Obama administration originally proposed a $3.1 billion revolving fund to manage these upgrades. However, the final version of the MGT Act to pass the House required agencies to find funding within their existing budgets, with a much smaller revolving fund. Legislators failed to reach a compromise on just how large that fund would be.