On May 11, 2017, President Trump signed an Executive Order titled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” (the “Order”). The long-anticipated directive was issued months after the White House originally planned to release a cybersecurity order in February. Since then, revised drafts of the order were circulated, including a version from February 10, 2017 (the “Revised Draft”) that differed significantly from the initial draft order, but aligned with Executive Order 13636, “Improving Critical Infrastructure Security,” which was signed by President Obama on February 12, 2013. With few exceptions, the Order signed yesterday mirrors the Revised Draft that we previously analyzed in our February 17, 2017 blog post titled “Release of Cybersecurity EO May Have Notable Impact in Communications, Energy, and Defense Industrial Base Critical Infrastructure Sectors.” Here, we highlight key differences between the Revised Draft and the final Order.
Section 1: Cybersecurity of Federal Networks
The first section of the Order continues to primarily address cybersecurity risk management and IT modernization within the executive branch consistent with the Revised Draft and Executive Order 13636 signed by President Obama. The Order incorporates nearly all of the Revised Draft’s language in this section, with minor exceptions.
Continue Reading White House Issues New Cybersecurity EO