White House Delays Planned Trump Cybersecurity Executive Order
The White House canceled plans Tuesday for President Donald Trump to sign an executive order that would trigger a promised pan-federal government review of agencies’ cybersecurity practices. Trump had promised ahead of his inauguration last month that his administration would issue a “major report on hacking defense” within 90 days of his taking office (see 1701110051). The White House didn’t comment.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The intended executive order would direct the Office of Management and Budget to assess the cybersecurity risks of all federal agencies and “hold the heads of federal agencies accountable for managing their cyber risk,” a White House official told reporters. The order would have directed all federal agencies to manage their cyber risk using the National Institute of Standards and Technology-developed Cybersecurity Framework, the official said. The order would direct agencies’ leaders to begin planning a “deliberate” modernization of executive branch IT systems, the official said. The person spoke to reporters on condition of not being named.
The delayed executive order would direct the secretaries of homeland security and other departments to “engage with the owners and operators of the most essential of critical infrastructure entities” in a bid to “develop ways to protect the entities from catastrophic cyber incidents and respond to those incidents that nevertheless do occur,” said the White House official. The order would direct the departments of Commerce, Defense and other agencies to take steps to “advance the cybersecurity of our nation's critical infrastructure, consider ways of deterring adversaries and to promote” an open internet, the official said.
The delay in issuing the cybersecurity executive order came after meetings aimed at publicly framing the order’s rollout. “I will hold my cabinet secretaries and agency heads accountable, totally accountable for the cybersecurity of their organizations which we probably don’t have as much, certainly not as much as we need,” Trump said during a “listening session” with Director of National Intelligence nominee Dan Coats, former New York City Mayor Rudy Giuliani and cybersecurity experts. Trump tapped Giuliani last month to lead a committee on cybersecurity developments involving company heads (see 1701120026). Giuliani urged the committee to “look for long-term solutions” on cybersecurity that would include engagement with the private sector. “By speaking out on this and holding regular meetings on it and using the bully pulpit, the presidency, you get the private sector to wake up,” Giuliani said: Some in “the private sector have to wake up to the fact that they have to do more.”
The move to delay Trump’s signing of the executive order seems “odd” since the order appeared to be uncontroversial and largely in keeping with the cybersecurity priorities of former President Barack Obama’s administration, an industry lobbyist told us. Trump has come under fire from the tech sector over his executive order banning citizens from seven Muslim-majority countries from entering the U.S. for 90 days (see 1701290001, 1701300023 and 1701310049).