Trump's Innovative Cyber Policy: "You have less than 90 days"

TRUMP’S CYBERSECURITY EXECUTIVE ORDER

If there is one person who approves of Trump’s recently signed executive order, its former president Obama.Why, you ask? A side by side comparison of Obama's and Trump's policy and it’s clear. Trump simply mandated compliance of Obama’s 2013 executive order within 90 days. While his tactic of “do what the other guy did” is nothing innovative for American policy, it does validate the precedent set by his presidential predecessor.On May 11th Donald Trump signed an executive order carrying forward his predecessor’s policy and mandated that all federal agencies have 90 days to adopt the NIST Cybersecurity Framework, among other requirements. For executives required to adopt the framework, there are a few things you should know. Mainly, how it provides a mechanism for organizations to:1) Describe their current cybersecurity posture2) Describe their target state for cybersecurity3) Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process4) Assess progress toward the target state5) Communicate among internal and external stakeholders about cybersecurity risk

OBAMA’S CYBERSECURITY LEGACY

No executive administration in America’s history had to confront cybersecurity as a national priority the way Obama did. The myriad of prolific Obama era cyber-attacks were more frequent, farther reaching and sophisticated.The Obama administration came up with a plan to address the defense of America's digital infrastructure. It was the first of its kind drafted by a president who recognized the need to secure America’s newly developed cyber frontier. The directive came equipped with the largest multibillion-dollar investment in American cyber security. Intended to establish a cybersecurity framework, the original policy tasked the:

“National Institute of Standards and Technology (NIST) to lead the development of a framework to reduce cyber risks to critical infrastructure.”

The unprecedented legislation also gave rise to a new breed of partnerships between the public and private sector. A partnership rooted not in silos but sharing of information regarding cyber security risks. The result paved way for the first, NIST sponsored, Federally Funded Research and Development Center (FFRDC) known as the National Cybersecurity Center of Excellence (NCCoE). Affectionately known by the industry as “the center”, the NCCoE served as the nexus of collaboration for America’s tech giants, government agencies, and academia to mitigate cybersecurity risks in as they applied to specific economic sectors.With an overnight budget of $5 billion, The Center cemented itself as a new breed of cyber unicorn, solidifying Obama's vision for securing the nation's critical infrastructure.

THE NEED FOR CYBER WORKFORCE DEVELOPMENT

In January, President Donald Trump committed to developing a national cybersecurity strategy in 80 days. With a large focus on workforce development. The order mandates:"Agency heads shall show preference in their procurement for shared IT services, to the extent permitted by law, including email, cloud, and cyber security services.Further, the United States seeks to support the growth and sustainment of a workforce that is skilled in cyber security and related fields as the foundation for achieving our objectives in cyberspace.Workforce Development. In order to ensure that the United States maintains a long-term cyber security advantage:(A) jointly assess the scope and sufficiency of efforts to educate and train the American cyber security workforce of the future, including cybersecurity-related education curricula, training, and apprenticeship programs, from primary through higher education; and(B) within 120 days of the date of this order, provide a report to the President, through the Assistant to the President for Homeland Security and Counterterrorism, with findings and recommendations regarding how to support the growth and sustainment of the Nation's cybersecurity workforce in both the public and private sectors.(C) review the workforce development efforts of potential foreign cyber peers in order to help identify foreign workforce development practices likely to affect long-term United States cyber security competitiveness"This long-delayed policy is an effort to secure porous federal networks, create framework focused security activities, and develop a cyber-savvy workforce.

THE CYBER WORKFORCE OF THE FUTURE

So how does one prepare a cyber-workforce for the future?Imagine an online platform that provides a combination of training, assessment, and communication. A solution that integrates security assessments into your workforce. A security tool designed to enhance the learning experience. A platform where information sharing actually increases security. A tool that empowers the American workforce. As a member of the National Initiative for Cybersecurity Excellence (NICE) Certifications and Training Workgroup, Cybrary is poised to fill the gap in today’s cyber workforce development.Start today by assessing your team on NIST's Risk Management Framework at no cost.You can learn more about Cybrary's security training resources including the latest course on the Risk Management Framework here.Thomas Callahan is a Software Engineer at Cybrary passionate about bridging the cyber security skills gap.