On May 11, 2017, the White House released its long-awaited Executive Order on cybersecurity (EO). The EO directs Executive Branch agencies to develop plans to assess and improve the cybersecurity of their own operations, based on the 2014 NIST Cybersecurity Framework; directs law enforcement and national security agencies to work with providers of critical infrastructure to improve their security, with specific emphasis on resilience against botnets and other distributed threats; and directs a variety of agencies to report on how to deter cybersecurity problems that affect the public on the internet at large, with an emphasis on the need to develop a workforce capable of handling cyber-threats. These points are addressed in more detail below.
The EO directs numerous agencies to rapidly prepare a variety of assessments and recommendations on a range of cybersecurity issues. Private sector entities that provide services to, or interact with, the federal government – or whose own operations constitute part of the nation’s “critical infrastructure” – could be affected by actions taken in response to these reports and recommendations. As a result, such entities should monitor the development of these reports, and consider working with the affected agencies to ensure that an entity’s particular concerns are addressed.