White House 'Close' to Releasing Cybersecurity EO, Trump Aide Says

White House continued to revise the anticipated order in the months since officials first delayed Trump's planned late January signing of it. Then, the order would have directed the Office of Management and Budget to assess all federal agencies' cybersecurity risks and required agencies to manage their risk using the National Institute of Standards and Technology's Cybersecurity Framework (see 1701310066). Later drafts of the EO included language that would direct the Department of Commerce to explore ways to encourage “core communications infrastructure” companies “to improve the resilience of such infrastructure and to encourage collaboration with the goal of dramatically reducing threats perpetrated by” botnets (see 1702280065). Trump administration staffers are ensuring the text of the executive order is “closely aligned” with Trump son-in-law and White House Office of Innovation Director Jared Kushner’s plans to develop “approaches for the president’s consideration to modernize federal IT systems, retire outdated systems and move to shared services,” Joyce said during the Georgetown University event. “We must make sure that innovation and cybersecurity are intertwined.” The White House wants to ensure that the EO “emerges with the time and attention it needs … and at the same time is sequenced with other things the administration is rolling out so we don’t distract from other important messages that are out there,” Joyce said. The White House’s bid to revamp federal IT systems “offers important opportunities to improve our cybersecurity posture, because it’s no secret that there are outdated and indefensible IT components in the federal government today,” Joyce said.