This week's Risk & Repeat podcast looks at President Trump's cybersecurity executive order and how it aims to address federal government and critical infrastructure issues.
The long-awaited cybersecurity executive order from President Donald Trump finally arrived last week, with ambitious directives to address both the federal government and the country's critical infrastructure.
Trump's executive order has been in the works for months, but has gone through numerous delays and revisions. The current cybersecurity executive order focuses on three areas: federal networks, critical infrastructure and the nation's overall cybersecurity. It also calls for several studies, reviews and security assessments from federal agencies and law enforcement/intelligence bodies, and puts a focus on implementing risk management plans.
In addition, the executive order explicitly puts cybersecurity responsibility and accountability squarely on each department and agency head throughout the U.S. federal government. This action comes after large-scale data breaches and mismanagement at federal agencies such as the Office of Personnel Management and the Federal Deposit Insurance Corp.
However, the order is short on specific actions to improve cybersecurity for both federal agencies and critical infrastructure, and it doesn't provide detailed guidance for upgrading insecure legacy systems within the federal government.
What did Trump's cybersecurity executive order get right? What was overlooked? In this week's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and more on the subject of government cybersecurity today.