Trump Directing Agency Leaders to Secure Federal Cyber NetworksBy
Will hold cabinet members accountable for data hacks
Administration to work with private sector to prevent attacks
President Donald Trump will sign a directive Tuesday that holds government agency heads personally responsible for securing their departments’ computers against hackers as part of a plan to bolster defenses against cyber attacks.
Trump’s action comes weeks after U.S. intelligence agencies concluded that the Russian government sought to meddle in the U.S. presidential election by penetrating Democratic Party e-mail systems. Public concern over computer hacks has surged in recent years following disclosures of foreign spy agencies stealing data on U.S. government employees and thefts of financial and personal from major retailers and banks.
Leaders of federal departments and agencies will be required to undertake long-term planning for modernizing their computer networks and make their information technology systems compliant with best-practice standards in the private sector, according to a White House official who requested anonymity to discuss the order before it was signed.
The Office of Management and Budget will do its own review of the security plans developed by agencies and departments. The administration also is planning greater outreach to private sector companies that provide critical Internet infrastructure in hopes of preventing and better responding to cyber attacks, the Trump aide said.
The full scope of the cyber initiative was not immediately known, since the White House has not distributed the text of the executive action. During the presidential transition, Trump said he would instruct the Department of Justice to create joint task forces throughout the country to coordinate federal, state, and local law enforcement efforts to prevent cyber crimes. He also named former New York Mayor Rudy Giuliani, a supporter and adviser, to to lead an effort to coordinate with private sector cybersecurity experts.
Trump also has said he would ask the Pentagon to present recommendations for strengthening the nation’s Cyber Command, as well as build up the country’s offensive capabilities in cyberspace.
Hacking became an explosive political issue during the presidential campaign, when e-mail accounts of John Podesta, the chairman of Hillary Clinton’s presidential campaign, and staff members at the Democratic National Committee were breached and leaked online. U.S. spy agencies determined that the hacks were orchestrated by the Russian government to undermine confidence in the U.S. political system and damage Clinton’s campaign to the benefit of Trump.
Trump initially said he could not be sure who was responsible for the breach. He later Trump conceded that the attack was likely directed by Russia following a briefing by top U.S. intelligence officials. Trump has insisted that the intrusion nevertheless didn’t affect the election’s outcome.
Tuesday’s executive order does not identify specific countries as particular cyber threats, the White House aide said.
Some of the nation’s largest corporations have been hit with cyber attacks. In recent years, a hack of JP Morgan Chase’s data compromised data from over 83 million accounts, while an attack the U.S. government attributed to North Korea Sony Pictures Entertainment Inc saw sensitive e-mails and documents released.
Online firms including eBay Inc and Yahoo Inc have had hundreds of millions of users’ account information stolen, while an attack on Target Corp compromised some 40 million credit card numbers. During the Obama administration, the White House’s unclassified e-mail systems and the Office of Personnel Management’s employee databases were targeted.
Following some of those high-profile breaches, the Obama administration commissioned a cyber security review. In a 100-page report released in December, the panel recommended a series of actions, including a system for rating consumer products by their vulnerability to hacking, as well as a mandatory training program for senior government officials on computer security procedures.