The Trump administration is “close” to releasing its final cybsersecurity executive order, which will focus on the administration’s cybersecurity priorities of innovation, protecting critical infrastructure, and addressing international cyber norms, according to Robert Joyce, special assistant to the president and cybersecurity coordinator at the White House.
“I think you will find that the administration priorities are reflected in the work that’s going into the executive order,” Joyce said Monday. “I will hesitate to comment on the timing; it is close and nearby.”
Joyce, who spoke for the first time since entering his position at the White House at the Georgetown International Conference on Cyber Engagement, said that the administration wants to make sure that the executive order receives full consideration before signing and doesn’t draw attention from other important administration objectives.
The Trump administration’s first attempt at a cybersecurity executive order was criticized for placing too much responsibility with Department of Defense leadership, and a second draft of the order was pulled just before a scheduled signing in late January.
Two weeks ago, retired Gen. Michael Hayden, who has served as the director of both the National Security Agency and CIA, confirmed the existence of a new draft order, characterizing it as “what you’d expect” of a national cybersecurity initiative.
Joyce emphasized that the administration wants to hold agency leadership accountable for breaches, though he couldn’t say if a serious breach would lead to an agency secretary losing their job.
“Cybersecurity isn’t the domain of the IT department or even the chief information security officer,” Joyce said. “That leadership from the top is what is going to make us safe.”
Joyce and his staff will also be participating in the president’s son-in-law Jared Kushner’s Office of American Innovation, with a focus of making sure that new government technologies and systems are designed with cybersecurity from the ground up.
According to Joyce, the president is supportive of modernization efforts that will streamline and secure government networks.
“The president believes we must move to shared services in future IT procurement decisions. A major effort is underway in the office of American innovation, developing approaches for the president’s consideration to modernize Federal IT systems, retire those old, outdated systems, and move to shared services,” Joyce said. “The refresh offers important opportunities to improve our cybersecurity posture, because it’s no secret that there are outdated and indefensible IT components in the Federal government today.”
Joyce added that the president’s second cybersecurity priority is to ensure the security of the nation’s critical infrastructure, namely, its ability to recover from a serious breach or incident.
“The third cybersecurity priority we have in our administration is out in the international space,” Joyce said. “We will not allow other nations to hold us at risk through malicious use of cyber.”
According to Joyce, the Trump administration wants to make sure that international law is applied to cyberspace, though experts have said that current norms are not enough to prevent nation-states from taking malicious actions in cyberspace, such as the hacking of an election.
Editor’s Note: This story has been updated.