US President Donald Trump signed an executive order [text, JURIST] Thursday designed to strengthen IT and cyber security frameworks in the country by having agency heads manage security risks and modernize the IT infrastructure. The order also mandates the use of the National Institute of Standards and Technology framework to manage risks and the creation of a new cyber-secure network. The order calls on all agency heads to submit a risk assessment within 90 days, which will outline the goals and vulnerabilities within each agency.
Known but unmitigated vulnerabilities are among the highest cybersecurity risks faced by executive departments and agencies (agencies). Known vulnerabilities include using operating systems or hardware beyond the vendor’s support lifecycle, declining to implement a vendor’s security patch, or failing to execute security-specific configuration guidance. Effective risk management requires agency heads to lead integrated teams of senior executives with expertise in IT, security, budgeting, acquisition, law, privacy, and human resources.
The order mandates a report on security that will be released at the end of the year.
Cyber security is a growing concern around the world. The National Control Commission for the Election Campaign for the Presidential Election (CNCCEP) on Saturday cautioned [JURIST report] media outlets against sharing information leaked from an alleged hack of a presidential candidate. In April Roman Seleznev, the son of a member of the Russian Parliament, was sentenced [JURIST report] for hacking into more than 500 US businesses, stealing and then selling millions of credit card numbers. Also in April the Department of Justice (DOJ) announced [JURIST report] that it had effectively disrupted the Kelihos botnet, a network of thousands of virus-ridden computers used to glean personal information and login credentials by distributing malicious software through spam email.