April 29, 2017, marked Donald Trump’s 100th day in office as President of the United States. Since his inauguration on January 20, President Trump has fulfilled his campaign promises of nominating a conservative judge to the Supreme Court and withdrawing the United States from the Trans-Pacific Partnership. But he has yet to meet some of his other goals as of this writing, including building a wall along the U.S.-Mexican border and reforming the nation’s healthcare system.
Let’s now look at how President Trump has fared so far with another of his assurances: his plan to overhaul and strengthen the U.S. government’s digital security.
It All Links Back to the DNC
In June 2016, news emerged of a hack against the Democratic National Committee, the governing body of the U.S. Democratic Party which at the time was helping Hillary Clinton coordinate her presidential campaign. CrowdStrike and other private security firms released reports blaming Russia for the intrusions. Their findings also claimed the hackers had stolen opposition research on then-candidate Donald Trump, who was running his presidential bid with the Republican National Committee.
At first, Trump didn’t publicly subscribe to the stories. He felt the DNC had fabricated the hack “as a way to distract from the many issues facing their deeply flawed candidate and failed party leader.” It took him until after he won the presidential election and just before his inauguration to admit to instances of Russian hacking, though he didn’t go so far as to say it had affected the outcome of the election.
Still, the incoming 45th President of the United States acknowledged his responsibility to help protect the nation against further digital attacks on par with those that struck the DNC. He said as much in a statement at the beginning of January:
“Whether it is our government, organizations, associations or businesses we need to aggressively combat and stop cyberattacks. I will appoint a team to give me a plan within 90 days of taking office. The methods, tools and tactics we use to keep America safe should not be a public discussion that will benefit those who seek to do us harm. Two weeks from today I will take the oath of office and America’s safety and security will be my number one priority.”
President-elect Trump wasted no time in appointing former NYC mayor Rudy Giuliani to help address digital security threats confronting businesses. He also announced his intention to meet with senior-level executives and discuss the digital challenges confronting their organizations. President Trump has indeed met with executives from multiple industries since taking office, but it’s unclear whether he has specifically discussed digital security with them.
The Executive Order on Digital Security
President Trump’s most significant digital security measure arrived near the end of January, when The Washington Post published a draft of “Executive Order – Strengthening U.S. Cyber Security and Capabilities.” Among other provisions, the draft order required agency heads to update their systems and work with the private sector to address digital security challenges. It also empowered the Department of Defense to review federal computer systems for vulnerabilities and the Director of National Intelligence to compile a list of the United States’ digital adversaries. However, after meeting with digital security experts, Trump postponed his signing of the order.
A revised draft of President Trump’s executive order emerged shortly thereafter. In more ways than one, the draft extends the Obama Administration’s “Presidential Policy Directive — Critical Infrastructure Security and Resilience.” But by calling for no fewer than 10 reports on digital security, some feel the executive order goes way too far, so much so that it becomes unrealistic.
Kieren McCarthy of The Register is one of those people:
“… [W]hile well intended, the executive order has become bloatware, as people who obviously do not have experience with executive orders have been given the opportunity to create a wish list of all the reports they would want from all the people they would want to hear from. Assuming this draft makes it through unedited (which, in itself, would be a little concerning), we can’t see how these long series of reports requiring massive cross-department coordination will ever see the light of day. Even if they did, imagining that the president would deal with no fewer than six reports on cybersecurity is fantasy.”
As of this writing, there’s been little movement on the executive order. It was reported President Trump would sign the executive order by April 29. But his 100th day in office came and went without any further announcements.
An Uncertain Road Ahead
Some might argue the 45th President of the United States has taken a firm stance on key digital policy issues like net neutrality and government transparency within his first 100 days. But when it comes to digital security, that’s not the case. Due to a lack of information, the world has yet to fully understand President Trump’s position on digital security. Hopefully, the White House won’t keep us waiting for much longer.