Congress offers some early praise of Trump’s cyber executive order
President Trump’s executive order on cybersecurity won early supporters on Capitol Hill, though several expressed continuing concern about the path forward to defend against cyber threats.
Trump signed the long-awaited executive order on Thursday, thought drafts have been circulating since the White House abruptly cancelled a planned signing event in January.
The executive order says agencies should be held accountable for their own cybersecurity and requires, effective immediately, that they use the cybersecurity framework developed by the National Institute of Standards and Technology (NIST).
Rep. Lamar Smith (R-Texas), who chairs the House Science Committee, celebrated the order’s NIST framework requirement. Smith’s committee has approved legislation that would require NIST to audit and assist agencies that adopt the framework.
“Cybersecurity is critical to national security, and today’s executive order shows that President Trump is taking the matter seriously,” Smith said.
The order also places a premium on adopting newer, more secure information technology in the executive branch. In addition, it orders a number of assessments, including those on critical infrastructure protection, threats to the defense industrial base and military platforms, and the disruption of botnets.
Sen. John McCain (R-Ariz.), who has taken aim at the new administration for its lack of movement toward a cyber policy or strategy, expressed appreciation for Trump’s interest in understanding the threats in cyberspace—but said plainly, “We do not need more assessments, reports, and reviews.”
“I hope the various reviews ordered today will be completed quickly and build on the many assessments required by the past two defense authorization bills so we can move on to the urgent business of formulating a strategy to deter, defend against, and respond to cyberattacks on our nation,” McCain added.
Rep. Jim Langevin (D-R.I.), a member of a cyber subcommittee in the House, expressed support for the executive order, particularly its provisions related to federal network and critical infrastructure protection. He described the order as largely a “continuation of the Obama administration’s approach” to cybersecurity.
Langevin, however, expressed concerns about the Trump administration’s slow pace of filling cybersecurity roles at the Departments of Homeland Security and Defense, which he indicated could compromise implementation of the executive order.
“I remain deeply concerned by the president’s lack of urgency in appointing officials to fill critical cybersecurity roles, including at the Departments of Defense and Homeland Security,” Langevin said.
“The [executive order] contains important guidelines for improving our cybersecurity posture, but without personnel to implement it, I am afraid our nation will continue to be at risk.”
Sen. Claire McCaskill (D-Mo.), a frequent administration critic, said she was "pleased" to see the executive order.
"I stand ready to work with the President and his Administration on essential efforts to strengthen the federal government’s cybersecurity and to protect our communities, businesses, and institutions from cyberattacks," she said.
Rep. Robin Kelly (D-Ill.), ranking member of an IT subcommittee, described the order as a “long-overdue first step,” but expressed concern about vacant cybersecurity positions in high levels of government.
“As the administration makes these commitments, key cybersecurity positions in the White House and federal agencies, including the Federal CIO, are still vacant,” Kelly told The Hill. “We cannot continue to just talk about updating our IT infrastructure, investing in our IT workforce, and enhancing our national security; we need to act.”
Sen. Ron Johnson (R-Wis.), who chairs the Senate Committee on Homeland Security and Governmental Affair, said that he was encouraged by the administration making cybersecurity matters a priority, but didn’t offer specific comments on the executive order.
“We must ensure that our data is secure and our critical infrastructure is not vulnerable to attacks,” Johnson said. “I’m glad to see the Trump administration is making these issues a priority and I look forward to reviewing the executive order.”
Johnson and other members of the committee on Thursday underscored the need for a cyber deterrence and response strategy.
Concerns about cyber threats have run high in the wake of major intrusions, including the Office of Personnel Management breach and the DNC hacks related to Russian interference efforts against the 2016 presidential election.