Mohana Ravindranath | Nextgov | January 31, 2017 | 0 Comments

Trump: Agency Heads ‘Totally Accountable’ for Modernization, Cybersecurity

Carolyn Kaster/AP

President Donald Trump delayed signing an executive order that would make the heads of federal agencies accountable for internal IT modernization and cybersecurity of their agencies.

Trump was scheduled to sign a cyber-focused executive order Tuesday afternoon after a meeting with various cyber experts. The White House canceled the signing and Deputy Press Secretary Stephanie Grisham offered no explanation.

An early draft of the executive order creates review boards to examine various aspects of the nation’s cybersecurity vulnerabilities, adversaries and workforce, led by the secretaries of Defense and Homeland Security, National Intelligence Director, and the Director of the National Security Agency.

The White House’s morning briefing hinted at several changes from the draft. For one, the executive order will direct heads of federal agencies to take responsibility for internal cybersecurity and for modernizing their organization’s technology. The agency leaders should not delegate these tasks to chief information officers, a White House official said.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The measure will direct agency heads to work with the assistant to the president for intergovernmental affairs and technology initiatives Reed Cordish to coordinate those efforts. The director of the Office of Management and Budget will then be tasked with managing and overseeing risk across all components in the executive branch, the official said.

Trump plans to hold cabinet secretaries and agency heads “totally accountable for the cybersecurity of their organizations, which we probably don’t have as much … as we need,” he said during a meeting that included his cybersecurity adviser and former mayor of New York City Rudy Giuliani.

He also plans to “empower these agencies to modernize their IT systems for better security and other uses,” spanning federal networks and data, he said.

Agencies protecting civilian networks and infrastructure aren't "currently organized to act collectively/collaboratively, tasked, or resourced, or provided with legal authority adequate to succeed in their missions,” a draft of the executive order said.

“[M]aking it clear that the head of the agency is responsible for the systems and the data is helpful,” Rep. Jim Langevin, D-R.I., and head of the House Cybersecurity Caucus, said.

"One of the things I was really upset about with the OPM breach is the director or the agency clearly didn’t understand the value of the data they were charged with protecting," he added, referring to a massive intrusion into the Office of Personnel Management background checks that exposed the personal information of about 22 million people.

Langevin warned that agencies will need to be given resources to protect their data.

Under Barack Obama, a handful of lawmakers introduced legislation intended to promote IT modernization, including the Modernizing Government Technology Act. The MGT Act proposed that each agency create a working capital fund for modernization and that the General Services Administration operate a broader fund that agencies could apply to for additional support. The bill passed the House, but after the Congressional Budget Office estimated the cost at $9 billion, it didn’t get traction in the Senate.

Broad IT modernization “won’t be satisfied with a reshuffling of organizational charts,” Rep. Gerry Connolly, D-Va., said in a statement emailed to Nextgov. He said he hoped the new administration would be willing to invest in cybersecurity and IT upgrades by “leveraging savings,” as the MGT Act intended.

Trump noted during his meeting with Giuliani that agencies need to work with the private sector, which is “way ahead of government” in cybersecurity capability, to make sure owners and operators “have the support they need from the federal government to defend against cyber threats.”

Despite the fact that the Democratic National Committee spent “hundreds and hundreds of millions of dollars more money than we did,” they were hacked “terribly successfully,” Trump said during the meeting. “And the Republican National Committee was not hacked. Meaning it was hacked, but they failed. It was reported, I believe, by Reince [Priebus] and other people that it was hacked, but we had a very strong defense system against hacking.”

Giuliani noted that the private sector is “wide open to hacking, and sometimes by hacking the private sector, you get into government. So we can't do this separately.”

Joseph Marks contributed reporting.

Comments
JOIN THE DISCUSSION

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.