The Trump administration is emphasizing a consolidated approach toward federal information networks and their security with rather than sticking with the disparate efforts of each individual department and agency, a senior White House official said last Thursday.
President Donald Trump last Thursday issued an executive order on cyber security that directs the heads of federal departments and agencies to prioritize the acquisition of shared information technology services, such as email and security, and calls on a White House technology council to report on the costs and challenges of transitioning departments and agencies to these shared services, as well as moving to a consolidated network or networks.
“If we don’t move to shared services, we have 190 agencies that are all trying to develop their own defenses against advanced protection and collection efforts,” Thomas Bossert, the assistant to the president for Homeland Security and Counterterrorism, said at the White House’s afternoon press briefing on Thursday. “I don’t think that’s a wise approach.”
Departments and agencies will still be responsible for the security of their own networks, but the approach can be different, Bossert said.
“What we need to do is view the federal government as an enterprise as opposed to just viewing each department and agency as its own enterprise,” he said. He used the federal Office of Personnel Management (OPM), which stores personal data on current and former federal employees, as an example. A serious network breach of OPM’s networks was detected two years ago, resulting in the theft of thousands of personnel records.
“But we need to look at the federal government as an enterprise as well so that we no longer look at OPM and think, ‘well, you can defend your OPM network with the money commensurate for the OPM responsibility,’” Bossert said. “OPM, as you know, had the crown jewel, so to speak, of our information and all of our background and security clearances. So, what we’d like to do is look at that and say, that is a very high risk, high cost for us to bear, maybe we should look at this as an enterprise and put collectively more information in protecting them than we would otherwise put into OPM looking at their relative importance to the entire” government.
The executive order contains three main sections, the first is focused on securing federal networks, the second is on the cyber security of the nation’s critical infrastructure, and the third is aimed at a broader set of issues, including deterring attacks, international cooperation, and developing the cyber workforce. Bossert said the sections, in a “sense,” are in order of priority.