President Trump held a listening session with officials and outlined cyber priorities during a January 31 meeting as the administration focuses on putting together a more comprehensive cybersecurity strategy.
Federal Computer Week reported on the meeting, including a number of details that the cyber community will be happy to see. First and foremost is an understanding from the Trump administration of the importance of cybersecurity along with an approach that builds upon existing cybersecurity efforts.
The Trump administration has also spent time working on a cybersecurity executive order that will require agencies to implement the National Institute of Standards and Technology cybersecurity framework to manage risk. And, the administration also plans to conduct four separate cybersecurity reviews. These will look at cyber vulnerabilities and recommendations for protection; an assessment of the capabilities of cyber adversaries; a look at federal cyber capabilities; and a plan to work with the private sector to boost public-private information sharing.
"We must work with the private sector - the private sector is way ahead of government in this case - to make sure that owners and operators of critical infrastructure have the support they need from the federal government to defend against cyber threats," Trump said at an event to discuss his administration’s early cyber efforts.
All of these are positive steps. As the FCW story suggests, the Trump administration is taking a thoughtful and thorough approach to setting up a cybersecurity policy. While it is one thing to rush policies into place, the administration appears to be learning from experts in the field and then making decisions based off those conversations.
That is the best way to ensure that the nation’s cybersecurity roadmap is clear.
Throughout these reviews, the Trump administration will consider many things. At the top of their list should be a robust cloud security approach. While the administration has shown a desire to cut government spending, an increased use of cloud computing could help do that, at least when it comes to information technology. Agencies have been slower than the private sector to move to the cloud because of security concerns, something that has been addressed, but never fully fixed.
At Symantec, we’ve championed a consume, build and extend model to going to the cloud. While there are many methods for cloud security, we’ve found this to be one that allows organizations to use cloud services with confidence while not becoming so restrictive that the cloud loses its advantages. We congratulate the Trump administration on the steps they’ve taken so far in cybersecurity and believe with the right focus can continue to improve the government’s overall network security. Working cooperatively with industry as the administration’s cyber policy progresses will only strengthen the government’s ability to “move the dial” in protecting its assets and information.