A White House official opened the briefing on the cyber security by reading to us. Here's a transcription of that. Next report will have highlights of what followed:
The idea on the executive order the president hopes to sign today is that it will establish that henceforth, the president will hold the heads of federal agencies accountable for managing their cyber risk.
And further directs agencies to manage their cyber risk using the cyber security framework set by NIST, the National Institute of Standards and Technology.
That cyber security frame work has become a de facto industry standard across numerous sectors of the economy. The executive order further directs the director of the Office of Management and Budget to assess and manage the collective risk of the federal executive branch.
This is a key distinction I'd like you to pick up on. Under existing statute, each agency head is responsible for managing their enterprise as an enterprise risk management function. Some of these are very large enterprises, as you might imagine. What we're asking now is for the OMB director to run an effort, or to lead an effort, to then assess the enterprise risk to the entire federal government. Not the judicial or the legislative branch, but the entire executive branch.
The idea here is, as you'll recall, there will be assumptions of risk that some secretaries or other agency heads choose on purpose to assume. We want to be informed of that so we can assess the risk to the entire enterprise at the federal executive branch.
This order also directs the agency heads to being to plan for the deliberate modernization of the federal executive branch IT. Working with the assitant to the president for intergovernmental affairs and technology initiatives, this will be critical, and it's a long overdue step, important to the ability to secure our networks and data. It's also a cost-efficiency
The executive order further directs the secretary of Homeland Security and other agency heads to engage with the owners and operators of the most essential of critical infrastructure entities. The goal of this engagement is to develop ways to protect the entities from catastrophic cyber incidents and respond to those incidents that nevertheless do occur.
It also directs the department of commerce, the department of defense and other agencies to take a number of initial steps to advance the cyber security of our nation's critical infrastructure, consider ways of deterring adversaries, and to promote and open, valuable internet.