{"id":9168,"date":"2017-05-14T01:40:09","date_gmt":"2017-05-14T01:40:09","guid":{"rendered":"http:\/\/www.lifeandnews.com\/articles\/?p=9168"},"modified":"2017-05-15T01:42:51","modified_gmt":"2017-05-15T01:42:51","slug":"global-ransomware-attack-reinforces-message-of-trumps-new-cybersecurity-order","status":"publish","type":"post","link":"https:\/\/www.lifeandnews.com\/articles\/global-ransomware-attack-reinforces-message-of-trumps-new-cybersecurity-order\/","title":{"rendered":"Global ransomware attack reinforces message of Trump&#8217;s new cybersecurity order"},"content":{"rendered":"<p><span><a href=\"https:\/\/theconversation.com\/profiles\/frank-j-cilluffo-156337\">Frank J. Cilluffo<\/a>, <em><a href=\"http:\/\/theconversation.com\/institutions\/george-washington-university-1262\">George Washington University<\/a><\/em> and <a href=\"https:\/\/theconversation.com\/profiles\/sharon-l-cardash-156339\">Sharon L. Cardash<\/a>, <em><a href=\"http:\/\/theconversation.com\/institutions\/george-washington-university-1262\">George Washington University<\/a><\/em><\/span><\/p>\n<p>A <a href=\"https:\/\/arstechnica.com\/security\/2017\/05\/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide\/\">cyberattack is sweeping the world<\/a>, infecting thousands of computers and demanding their owners pay a ransom or risk losing all their data. The threat, which has <a href=\"https:\/\/consumerist.com\/2017\/05\/12\/ransomware-attack-hitting-fedex-hospitals-utilities-and-more-in-at-least-74-countries\/\">affected the FedEx shipping company<\/a>, <a href=\"http:\/\/www.bbc.com\/news\/technology-39901382\">several hospitals in the UK<\/a>, a <a href=\"http:\/\/www.businessinsider.com\/telefonica-and-other-firms-have-been-infected-by-wannacry-malware-2017-5\">major Spanish telecommunications company<\/a>, and many more, makes even more urgent the need to improve U.S. 
cybersecurity \u2013 both within the federal government and throughout our internet-connected society.<\/p>\n<p>President Trump\u2019s <a href=\"https:\/\/www.whitehouse.gov\/the-press-office\/2017\/05\/11\/presidential-executive-order-strengthening-cybersecurity-federal\">new executive order on cybersecurity<\/a> for federal computer networks and key elements of the country\u2019s infrastructure \u2013 such as the electricity grid and core communications networks \u2013 builds meaningfully on <a href=\"https:\/\/fas.org\/irp\/eprint\/cnci.pdf\">the work of the Obama administration<\/a>. It focuses on matters of common and bipartisan concern, meaning it is likely to avoid <a href=\"http:\/\/www.npr.org\/sections\/thetwo-way\/2017\/01\/29\/512272524\/of-courts-and-confusion-heres-the-reaction-to-trumps-immigration-freeze\">the disquiet and disorganization<\/a> generated by other recent executive orders.<\/p>\n<p>Cybersecurity is ultimately an exercise in risk management. Given the range of possible threats and the pace at which they may appear, it is impossible to protect everything, everywhere, all the time. 
But it is possible to make sure that the most valuable resources (such as particular networks and systems, or specific data) are properly protected by, at minimum, <a href=\"https:\/\/theconversation.com\/before-decrying-the-latest-cyberbreach-consider-your-own-cyberhygiene-37834\">good cyber-hygiene<\/a> \u2013 and ideally, more.<\/p>\n<p>The executive order seeks to do just that, by calling on Cabinet secretaries and the heads of other federal agencies to follow the <a href=\"https:\/\/www.nist.gov\/cyberframework\">Framework for Improving Critical Infrastructure Cybersecurity<\/a>, created by the National Institute of Standards and Technology under the Obama administration. That framework also figures prominently in the <a href=\"https:\/\/www.nist.gov\/sites\/default\/files\/documents\/2016\/12\/02\/cybersecurity-commission-report-final-post.pdf\">final report<\/a> of Obama\u2019s Commission on Enhancing National Cybersecurity.<\/p>\n<p>Three key topics of the executive order are of particular interest because they suggest significant new developments in the federal government\u2019s approach to cybersecurity. The order rightly highlights <a href=\"https:\/\/theconversation.com\/cybersecuritys-next-phase-cyber-deterrence-67090\">cyber-deterrence<\/a>, the process of discouraging prospective attackers from actually trying to breach our systems. In addition, the order correctly identifies the electricity grid as needing stronger security \u2013 as well as the military\u2019s warfighting capabilities.<\/p>\n<h2>Stepping up cyber-deterrence<\/h2>\n<p>One crucial element that has been largely missing from American cybersecurity efforts so far is cyber-deterrence. 
Just as nuclear deterrence let countries with nuclear weapons know that launching a nuclear attack would mean their own swift and sure destruction, cyber-deterrence involves making clear to prospective adversaries that attacks will either be too unlikely to succeed, or will be met by certain and severe retribution. <\/p>\n<p>The executive order asks a wide group of senior government officials \u2013 the secretaries of Commerce, Defense, Homeland Security, State and Treasury, plus the attorney general, the government\u2019s top trade negotiator and the director of national intelligence \u2013 to develop options for deterring cyber-adversaries (without specifying any in particular).<\/p>\n<p>Deterrence must, by nature, be multi-dimensional: It has to include a variety of obstacles to incoming attacks, as well as potential consequences for attackers. Coordinating diplomacy, military and economic efforts will be crucial to presenting a unified front to would-be adversaries. <\/p>\n<p>This is not to say that a one-size strategy will fit all. To the contrary, besides a robust general posture, the U.S. must also tailor its specific deterrence efforts to make sure they are effective against individual potential adversaries. <\/p>\n<h2>Protecting the grid and the military\u2019s warfighting capabilities<\/h2>\n<p>The executive order also calls for additional protection of the electricity grid against cyberattacks. The potential is not hypothetical: <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/ukrainian-power-station-hacking-december-2016-report\">Ukraine\u2019s grid was attacked twice<\/a>, in December 2015 and December 2016.<\/p>\n<p>And it calls attention to the military\u2019s <a href=\"https:\/\/www.dhs.gov\/defense-industrial-base-sector\">industrial base<\/a>, including its supply chain \u2013 which collectively produces, delivers and maintains weapons systems and component parts that are necessities for the Department of Defense. 
A successful cyber-attack on key suppliers could hamstring America\u2019s armed forces as much as a physical incursion against them on the battlefield.<\/p>\n<p>Yet, as important as it is to identify and remedy existing vulnerabilities, the better course is always to design computer systems securely in the first place. The executive order focuses more on the former than the latter, since we must work with the capabilities and equipment we have, rather than just those we would wish to have.<\/p>\n<h2>Basic guidance<\/h2>\n<p>More generally, the executive order discusses and reinforces the basic principles of good cyber-hygiene. For instance, it emphasizes the significant risks to departments and agencies, and the citizens they serve, if known vulnerabilities remain unrepaired. Without proper protections, taxpayer records, Social Security data and medical records <a href=\"http:\/\/www.gao.gov\/assets\/680\/679877.pdf\">could be stolen or fraudulently altered<\/a>.<\/p>\n<p>Sadly, this is a vital issue. Recent testimony from the <a href=\"http:\/\/www.gao.gov\/assets\/680\/679877.pdf\">Government Accountability Office<\/a> documents widespread problems at government agencies, which fail to install routine security upgrades and even use software so outdated that the company that created it no longer supports it.<\/p>\n<p>But the executive order also looks to a future federal government that takes advantage of cloud computing and the <a href=\"https:\/\/theconversation.com\/us\/topics\/internet-of-things-1724\">Internet of Things<\/a>. The document not only calls for safeguarding existing networks and data; it declares the importance of systematic planning for future technological upgrades and advances, to manage risk effectively. Maintenance and modernization both matter, and both must be done securely.<\/p>\n<p>Overall, the order is a solid document, with guidance that is both measured and clear. 
Key to its success \u2013 and ultimately to the country\u2019s security in cyberspace \u2013 will be the relationship the government builds with private industry. Protecting the country won\u2019t be possible without both groups working in tandem.<\/p>\n<p><span><a href=\"https:\/\/theconversation.com\/profiles\/frank-j-cilluffo-156337\">Frank J. Cilluffo<\/a>, Director, Center for Cyber and Homeland Security, <em><a href=\"http:\/\/theconversation.com\/institutions\/george-washington-university-1262\">George Washington University<\/a><\/em> and <a href=\"https:\/\/theconversation.com\/profiles\/sharon-l-cardash-156339\">Sharon L. Cardash<\/a>, Associate Director, Center for Cyber and Homeland Security, <em><a href=\"http:\/\/theconversation.com\/institutions\/george-washington-university-1262\">George Washington University<\/a><\/em><\/span><\/p>\n<p>This article was originally published on <a href=\"http:\/\/theconversation.com\">The Conversation<\/a>. Read the <a href=\"https:\/\/theconversation.com\/global-ransomware-attack-reinforces-message-of-trumps-new-cybersecurity-order-72239\">original article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Frank J. Cilluffo, George Washington University and Sharon L. Cardash, George Washington University A cyberattack is sweeping the world, infecting thousands of computers and demanding their owners pay a ransom or risk losing all their data. 
The threat, which has affected the FedEx shipping company, several hospitals in the UK, a major Spanish telecommunications company, [&hellip;]<\/p>\n","protected":false},"author":44,"featured_media":9169,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[8],"tags":[612,2360,479,2023,1900,613,1749,1658,2013],"_links":{"self":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/9168"}],"collection":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/comments?post=9168"}],"version-history":[{"count":1,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/9168\/revisions"}],"predecessor-version":[{"id":9170,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/9168\/revisions\/9170"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media\/9169"}],"wp:attachment":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media?parent=9168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/categories?post=9168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/tags?post=9168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}