Joseph Marks | Nextgov | May 18, 2017 | 0 Comments

White House Adviser Wants to Move Cyber Risk Decisions Up the Chain

Orhan Cam/

A key goal of President Donald Trump’s recent cybersecurity executive order is to manage cyber risk on a governmentwide level rather than allowing agencies to make ad hoc determinations, the president’s top cyber adviser told an advisory board Thursday.

Currently, as a result of either budget constraints or poor cyber management, numerous agencies are relying on outdated software that may be vulnerable to attacks, White House Cybersecurity Coordinator Rob Joyce told members of the National Security Telecommunications Advisory Committee.

For example, the outdated Windows XP operating system, which was a target of the recent WannaCry ransomware attack, is still used in some smaller agencies, Joyce said. Microsoft stopped issuing patches to protect against hackers targeting XP in 2014 but issued an emergency patch to protect against the WannaCry attack this month.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The Trump administration’s goal, he said, is to pinpoint where those outdated or risky systems exist, to make governmentwide decisions about whether those risks are acceptable and to reallocate money to update those systems when the risk is unacceptable.

“If we allow individual departments and agencies to fend for themselves, we often will get the lowest common denominator as our weakest link in what is an interlinked federal network,” he said.

The executive order, released last week, mandates agencies adhere to a cybersecurity framework developed by the National Institute of Standards and Technology, and promises to hold agency heads accountable for poor security, among other directives.

It also directs the Homeland Security and Commerce departments to work with private businesses and other stakeholders to make the internet more resilient against botnets, which are armies of infected computers that hackers conscript to launch cyberattacks unbeknownst to their owners.

There were initial concerns that section would include new mandates for industry, but the final draft makes any cooperation voluntary.

Joyce urged private-sector members of the advisory committee to share botnet-combating ideas with the White House.


Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.