Industry groups largely approved of the Trump administration’s long-awaited cybersecurity order this week, though tech groups had more mixed reaction. At least one critic suggested that the initiative shifts cybersecurity too much into the hands of the military.
Industry groups have been looking for action from the Trump administration on cybersecurity, and on Thursday, they got some.
The president signed an executive order intended to reinforce the country’s cybersecurity infrastructure. The order would make agency leadership responsible for tech failings rather than IT departments, require federal agencies to use a standard cybersecurity framework, and move the country’s cyberdefense platforms to a cloud infrastructure.
The president’s homeland security advisor, Tom Bossert, noted that transitioning to the cloud would simplify security in the long run.
“We’ve got to move to the cloud and try to protect ourselves instead of fracturing our security posture,” Bossert said, according to NBC News. “If we don’t move to shared services, we have 190 agencies all trying to develop their own defenses against advanced collection efforts.”
Trade Groups Positive
Trade associations, which had long been anticipating the order, largely applauded it.
In a news release, American Bankers Association President and CEO Rob Nichols said the order “will enhance the security of government systems and help protect our critical financial infrastructure—and ultimately bank customers—through enhanced information sharing and greater cross-industry collaboration.”
The Edison Electric Institute, whose security concerns focus on the power grid, likewise applauded the information sharing that the order encouraged through the Electricity Subsector Coordinating Council.
“By working together through the ESCC, industry and government greatly enhance our nation’s ability to defend and protect against cyber and physical security threats,” EEI President Tom Kuhn noted in a release.
And National Restaurant Association Senior Vice President of Communications Steve Danon, in an emailed statement, characterized the order as encouraging, while noting that the restaurant industry deals with security risks of its own.
“We welcome an increased focus by the federal government on deterring adversaries who seek to do harm,” Danon said. “American restaurants are on the front lines of data security, fighting every day to protect their customers’ information.”
Tech Groups Mixed
Digital rights group Access Now noted that the order was a modest continuation of Obama administration policies, with one difference: It opened up room for the Defense Department to take a role on cybersecurity issues. “Any role of the Department of Defense in cybersecurity should be explicitly and firmly limited” to protect civil liberties, argued the group’s Amie Stepanovich.
Michael Daniel, president of the Cyber Threat Alliance and the White House’s former cybersecurity coordinator in the Obama administration, was more positive. In comments to ThreatPost, he noted that the executive order comes with some limitations.
“Of course, this order is more of a plan for a plan, because an EO can only direct federal agencies to do things they can already do within the law,” Daniel said. “But the reports it calls for are good ones to have, for the most part.”