The Presidential Executive Order issued on May 11, 2017 is fatally flawed by its focus on reports rather than action. I count nineteen big documents being delivered to 1600 Pennsylvania Avenue on August 11th alone. Our nation's cyber experts will be so busy with paperwork that no new protections will get implemented. Worse, the White House will not have sufficient capacity to properly read all these required reports. Sigh.
I’m surprised by this, to be honest. I had hoped that Donald Trump would be the first President to cut through all the Washington bull and demand a plan that is clear and simple. If anyone on my staff ever handed me something like this Order with all its reports, I’d have glanced up expecting to see April 1st on the calendar. Here is what I’d hoped to see instead from our non-politician President:
By the authority vested in me as President by the Constitution and the laws of the United States of America, and to protect American innovation and values, it is hereby ordered that, effective immediately:
1) The NIST framework will be the only security compliance framework for Civilian Agencies. 2) Shared IT and virtualized cloud services are preferred for IT infrastructure in Civilian Agencies. 3) The number of youngsters in Cyber Corps from each Civilian Agency shall quadruple in the next two years.
The US Defense and Intelligence Communities should do everything in their power to help Civilian Agencies in cyber security.
Signed, Donald J. Trump
As one of our Nation’s most experienced cyber security experts, I am comfortable enough in my skin to be openly critical of this Order. I do so for love of Country, not to be a pest. I would thus call on the President to demand an immediate rewrite of this Executive Order and to halt all the report-generation. This document is exactly the sort of thing Donald Trump ridiculed on the campaign trail.
I am hopeful that this Order can and will be redone.