Trump signs executive order on cybersecurity, White House now runs the show

President Donald Trump has signed his long-promised executive order on cybersecurity – and it says the executive branch will take overall command of securing America's critical IT systems. During his campaign, Trump promised a missive on cybersecurity within 90 days of taking office, but delayed the signing in late January. …

  1. cbars

    Answer: Look to PM TM

    Work towards open, mathematically sound security standards which are secure for everyone? Recognising the fundamental principle that real security is better than security theatre.

    No?

    Oh, ok. Follow the UK! Compel people (in your country) to hand over passwords. Compel companies to facilitate wide ranging communications interference/surveillance within 24 hours based on a name (USA has great track record of using Names alone to enforce security standards, I'm thinking no-fly lists). Ban any network traffic that isn't 'approved', and while you're at it ban any media content that isn't 'approved' (I'm thinking pr0n)

  2. Ole Juul

    seriously?

    ". . . it is the policy of the executive branch to promote an open, interoperable, reliable, and secure internet that fosters efficiency, innovation, communication, and economic prosperity, while respecting privacy and guarding against disruption, fraud, and theft,"

    So, a complete 180 then.

    1. Anonymous Coward

      Re: seriously?

      Consider the source of these commandments; a guy who still uses an outdated and easily pwnable S3 and a chat app more suitable to teens than some old fart with a Furby attached to his bald head pretending to be in charge, until anyone replaces him. And I mean anyone. His Cyber Security Czar is just some old douchebag, cheating husband from NY and has zero knowledge of the subject of his job. Tell me this isn't a field day for hackers everywhere? Hackers at the ready, wait for it, did I tell you the prize is getting a high level official fired?! GO!!1!

      ATH+++

    2. Meph
      Alert

      Re: seriously?

      From the perspective of an outside observer with little more than passing interest in US politics, it looks like the current 180 degree turn is only the latest in a series without much evidence of any forward momentum.

      The part that grabbed my attention though was the following:

      the Director of the American Technology Council will ask each agency for a feasibility plan for combining IT infrastructure for departments within 90 days. Agency heads will also, henceforth, give preference in IT spending to shared systems architecture

      I know it's easier to protect your IT resources behind one wall, instead of many (Trump wall related pun not intended, I swear!) but they'll put themselves at risk of data loss if they put too many critical systems side by side with other less valuable systems. It would be far easier for an attacker to avoid detection by hacking in through say the US parks IT systems and then find a way to tunnel from there into the FBI, or other federal systems. Even if they make the system as secure as possible, the value of the target will attract black hats like flies, and it will only take one of them finding a small hole to exploit for things to turn ugly.

      1. Palpy

        Re: seriously? -- !

        Have an upvote.

        Hopefully seriously expert people will be brought in on the sys architecture question. You're right, of course. The US military uses hardened Red Hat in certain situations precisely because it neither wants nor needs the systems used by a receptionist in the Dept. of Flog and Scrum running on a warship.

        I very much hope that best practices will come to the fore, despite the current wording of the Order.

        1. T. F. M. Reader Silver badge

          Re: seriously? -- !

          @Palpy: The US military uses hardened Red Hat ... precisely because it neither wants nor needs the systems used by a receptionist in the Dept. of Flog and Scrum running on a warship.

          Uhm... Not so sure about that... Checked both links - this one is from the same source but dated later than the one you posted...

          To be fair, the article mentions that 'Part of the Navy's strategy was forming a group designated the "Microsoft Eradication Team."' Chuckle... Nuke them from orbit...

      2. mics39
        Gimp

        Re: seriously?

        What can go wrong, seriously?

        He's got the might and expertise of the whole Russian community behind him.

        1. Anonymous Coward

          Re: seriously?

          He's got the might and expertise of the whole Russian community behind him.

          And his teenaged spawn. Don't forget, he's an expert at cyber.

          1. John Brown (no body) Silver badge

            Re: seriously?

            "And his teenaged spawn. Don't forget, he's an expert at cyber."

            I thought that was his BFF Rudy?

      3. John Smith 19 Gold badge
        Coat

        "will ask each agency for a feasibility plan for combining IT infrastructure for departments "

        Could we call this "shared services by the back door?"

        He might like to have a little chat with his new BFF Mrs May on how well that's worked out in the UK.

        Of course done right it could result in yuuge cost savings

      4. John Brown (no body) Silver badge
        Mushroom

        Re: seriously?

        "I know it's easier to protect your IT resources behind one wall, instead of many (Trump wall related pun not intended, I swear!) but they'll put themselves at risk of data loss if they put too many critical systems side by side with other less valuable systems."

        Maybe the plan is to move the entirety of US officialdom in the cloud? Didn't the NSA just build an enormous data centre? That's convenient!

  3. 4d3fect

    Literacy--your friend

    He'll be unlikely to read the reports anyway--unless they're double-spaced, on a single page, preferably WITH PICTURES!

    1. Adam 52 Silver badge

      Re: Literacy--your friend

      No, but there seems a reasonable chance he'll forward them on to his Russia handler who will read them.

  4. veti Silver badge

    Two quite separate things

    The first half of the order - get your shit together, report within 3 months - is surprisingly reasonable. I'd actually go so far as to call it a good idea.

    But then comes the sting in the tail: "study the feasibility of merging systems". At the same time as securing them? That's... insane troll thinking. Either secure them first, then try to do some merging, or merge first and secure later. Trying to do both at once is a recipe for paralysis (if you're lucky), or (more likely, and I suspect the desired outcome) the biggest cost overrun in government history.

    1. Mark 85 Silver badge
      Mushroom

      Re: Two quite separate things

      Ah.. but judging from the love letters, the government has a friend in IBM. What could go wrong with that? See icon for implosion/explosion result.

    2. Gnosis_Carmot

      Re: Two quite separate things

      Unless, the merge-and-secure is done by moving to a new system?

  5. jake Silver badge

    A How-To for securing the Internet? In 90 days?

    I can write that in less than 90 seconds:

    Start over, from scratch. The current Internet is not, and cannot be made, secure.

    1. Anonymous Coward

      Re: A How-To for securing the Internet? In 90 days?

      "Start over, from scratch."

      What does that ever *mean*? Trash every single piece of equipment using electronics with an IP stack? And then go back to the trees while the cities are burning?

      Your brilliant analysis is just about 30 years too late. Why didn't you think of it a bit earlier, before IP became omnipresent?

      1. jake Silver badge

        Re: A How-To for securing the Internet? In 90 days?

        Because around 40 years ago, when I (and many other grad students) were working on TCP/IP at Stanford and Berkeley, all we were building was a research network to research networking. Security wasn't even thought of at the network level. If anything, we went out of our way to ensure that anybody, anywhere, could always access anything on the network. The only security was in the operating system of the connected hardware. Sometimes.

        The fucking thing wasn't designed for computer and security illiterate consumers.

        But trust me, we DID think about it back then. We discounted the very idea as laughable. I mean, who in their right mind would ever use this thing for anything important outside research papers and other academic nonsense?

        To make it secure today, it would have to be torn down completely and rebuilt. From the ground up. With new protocols. And a new security paradigm, completely orthogonal to what we have now. And yes, that includes trashing all the hardware with embedded TCP/IP. Including your so-called "smart" phone.

        Don't yell at me/us at the cost this will involve. We designed TCP/IP to be implemented in software, not hardware ... specifically so it could be replaced as research continued. Fuck-tards in marketing trying to run engineering firms put the kibosh on that.

        And yes, I said "when". TCP/IP will be replaced. When, and with what, I don't know. But its demise is inevitable. The longer it takes, the more it will cost, and not just financially. The human aspect is going to be ugly.

        Have a nice weekend :-)

    2. VinceLortho
      FAIL

      Re: A How-To for securing the Internet? In 90 days?

      ...and the Russians will pay for it.

  6. Stevie Silver badge

    Bah!

    No internet means no tweets.

    Intolerable risk!

    1. jake Silver badge

      Re: Bah!

      Sad!

      (But not in the way the idiot-in-chief uses the word ... )

  7. Anonymous Coward

    "some old fart with a Furby attached to his bald head"

    Mexico is going to build and pay for the best most bigly fire wall ever.

  8. Winkypop Silver badge
    Alert

    Dunning-Kruger risk today

    High, very high. Sad.

    The US is being managed by dolts.

  9. Anonymous Coward

    El Trumpo only wants 'Yes' as the answer

    Anyone who says no, or 'Sorry Mr President we can't do that' is escorted from the building at the double.

    One commentator on 'Wake up to Money' said that he needs to receive almost constant 'you are doing great Mr President' praises from those around him.

    Comey suffered the Oliver Twist effect when he asked for more resources to investigate the Russian links.

    Every day, I get more and more reminded of Dr Strangelove.

    I'd better get that fallout shelter stocked ASAP.

    1. Anonymous Coward

      Re: El Trumpo only wants 'Yes' as the answer

      I begin to see a lot of "Yes"-ers since 2016 including at work (hence AC) where an alternative reality is asserted by 'Management' whatever the context.

    2. John Brown (no body) Silver badge

      Re: El Trumpo only wants 'Yes' as the answer

      'you are doing great Mr President'

      That always sounds weird to me. Two titles and no name. President Trump, or Mr Trump, but Mr President? Nah, too weird for me. Maybe it's part of the German influence, Herr Doktor Professor! :-)

  10. Anonymous Coward

    Fair play to Trump as he is learning one of the important rules of being a politician.

    Be seen to be doing something without actually doing anything.

    What will be the content of these reports?

    It's online and we has firewall.

    Unless this is some kind of power grab of IT infrastructure. Maybe he's scoping the country out for the Russians. That's sarcasm btw in case anyone missed it.

  11. Rich 11 Silver badge

    Plans awry!

    and the Director of the FBI (once he has decided who that will be)

    "and the Director of the FBI (once he has decided who the next incumbent will briefly be)"

    FTFY.

  12. Phil O'Sophical Silver badge
    WTF?

    6 months to even make a plan?

    The Secretary of Defense and the Director of National Intelligence ... will have 150 days to come up with a plan to protect national security IT systems

    150 days? If they don't already have such a plan, constantly being revised, they aren't doing their jobs. They should be able to have that on the Oval Office desk by Monday, or start looking for new jobs better suited to their abilities.

  13. John Smith 19 Gold badge
    Unhappy

    Is anyone else wondering if he'll read any of them?

    Because as others have noted he's reputed to have a very short attention span. I'd suggest.

    Brevity in the whole thing. But keep all the evidence in a big Appendix you can show him if he complains it does not look like you've been doing much work.

    3-4 conclusions of a couple of (short) sentences each.

    Like every boss for any problem you raise he wants to hear a solution. Better yet a couple of them.

    1. Naselus

      Re: Is anyone else wondering if he'll read any of them?

      Would it make any difference if he did read them? He has demonstrably no understanding of policy and no understanding of IT security, so even if someone can get him to sit down and read an IT security policy document, it's hard to see anything resulting from it.

  14. Mystic Megabyte Silver badge
    FAIL

    Prime the Rumpy Pumpy

    As the old fart seems to be losing his grip on reality maybe a dose of engine oil directly into the brain would fix things.

    http://observer.com/2017/05/president-trump-priming-the-pump/

  15. Elmer Phud

    So . . .

    The tiny hand wrecks the cradle.

    1. John Smith 19 Gold badge
      Happy

      "The tiny hand wrecks the cradle."

      Well played, sir.

  16. Naselus

    Does anyone else get a sneaking suspicion this responsibility is rapidly heading for Jared Kushner's desk? After all, he probably needs something to do between reforming the whole federal government and sorting out the middle east.

    1. WonkoTheSane Silver badge

      You forgot flogging visas to the Chinese.

  17. Jonjonz

    We already know Trump never reads anything, and that he only keeps people around/under him that are stupider than him, so what do we get, another massive pile of deadwood in 3 months that will rot unread.

  18. Anonymous Coward

    "the executive branch will take overall command of securing America's critical IT systems." and therefore, as it's in charge, is also ultimately to blame if they go wrong?

    Sorry, wrong planet. Don't know what I was thinking.

  19. Titus Aduxass
    Alert

    "secure the internet"

    Why does the phrase "secure the internet" ring all sorts of alarm bells for me?

    Yes, "secure" can mean "safe" but it also means "succeed in obtaining (something), especially with difficulty"...

  20. sisk Silver badge

    Oh hell

    So...the nation's cybersecurity is now directly in the hands of an administration whose transition plan included intentionally creating thousands of dead links on their own website. I'm truly beginning to think that doomsday preppers might have a point, even if some of them are clearly off their rockers.

  21. Tank boy
    FAIL

    Fantastic

    Trump, stay in your lane! You don't have a clue what all the things that these reports will actually say, you can't even figure out how the new EMALS works on the new aircraft carrier (it's witchcraft!), don't go fooling about here. Let the pros handle business without any of your fuckery Donnie. If we leave this up to your dumb ass we'll go back to telegrams and the pony fucking express to send emails (not to be confused with EMALS, no that's witchcraft. You have to be Einstein to figure out digital). Just leave shit alone, you've already fucked up my country bad enough.

    1. John Smith 19 Gold badge
      Coat

      " Let the pros handle business without any of your fuckery Donnie. "

      Yeah, but y'know DJ Trump is in the (White) house now.

  22. allthecoolshortnamesweretaken

    "So basically: expect no movement on cybersecurity over the next three to six months. The players will have their hands full preparing the hundreds of reports the executive order demands, and will be far too busy to cope with anything else."

    That's more or less what you'd like to achieve by deeply embedding one of your own in the control and command structure of your adversary.

  23. Christian Berger Silver badge

    It would be possible to achieve better security, it would just take a decade or so

    One of the big problems is "legacy systems". If you have legacy systems running on old, insecure platforms, well it's hard to move to something simpler and therefore more secure. Feature creep in platforms leads to applications deeply embedding themselves in those features.

    Maybe administrations should try to define sensible subsets of current platforms, essentially removing all non-essential features from the standards. Application vendors that already have well-behaved software will have little trouble to just work around a missing feature. If you tighten the standards more and more, and announce every change years in advance, you could discipline the market.

    Then in parallel you design and build simpler, and therefore more secure computers. Those computers will emulate the previous legacy platforms, and once the currently used subset of features is implemented, you switch to them.

    Today we have lots of needless features. We have whole operating systems running in "service mode" behind our backs... just so they can handle USB devices for the operating system. We have service after service running in the background for things that, in the most common case (single user, embedded system, server) could be done by a single shell script.


Biting the hand that feeds IT © 1998–2019