As per media reports
and leaked proposed executive order
(pdf), US President Donald Trump will order a 60-day report on the state of the nation's cybersecurity, complete with recommendations on whether new legal powers are required.
The draft order reads:
"Cyberspace has emerged as a new domain of engagement, comparable in significance to land, sea, air, and space, and its significance will increase in the years ahead ... The Federal Government has a responsibility to defend America from cyberattacks that could threaten US national interests or cause significant damage to Americans' personal or economic security. That responsibility extends to protecting both privately and publicly operated critical networks and infrastructure".
The order further defines "Critical Infrastructure" as follows:
"The term 'critical infrastructure' means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters".
A lot of Trumpís executive orders so far have been controversial, but this one looks innocuous. It largely consists of asking various agencies to gather information relevant to cybersecurity and report back within 60 to 100 days. This is the reason why many believe that one executive order would not be enough
to secure the federal government.
The challenge for the Trump team, then, is to figure out how to change the culture at government agencies to make security more of a priority ó without imposing rigid policies that prevent agencies from getting their work done. Thatís not an issue thatís explored in the draft executive order.