The White House is putting the finishing touches on a new draft of the cybersecurity executive order originally scheduled for signature in January, and it could be done in a week or so, former IBM CEO Sam Palmisano said Monday.
“My sense is that they’re moving along and maybe within a week or so we could see something,” he told an audience at the Center for Strategic and International Studies, where he had arrived late from an over-running meeting at the White House. He added, however, “But I’d have said the same thing two or three weeks ago, so I don’t know.
Palmisano, now chairman of the Center for Global Enterprise, a nonprofit research institution focused on the contemporary corporation, was co-chairman of a special nonpartisan commission created by President Barack Obama to advise the next commander in chief about cybersecurity. Palmisano said the officials he spoke to in the Trump administration were working as fast as they could on updating cybersecurity policy in general.
“I think it’s far enough along that this afternoon they’re going to take me through it to get my reaction,” he added, “So that means it’s pretty far along, obviously, if they’re looking for that kind of feedback.”
Soon after the original cyber EO was pulled on the day it was due to be signed, a new and much more detailed draft order began to circulate among D.C. cyber-policy insiders. But although it garnered some praise, the new draft also gave heartburn to the telecommunications and IT industries. It would have created a completely new category of critical infrastructure. Critical infrastructure sectors — 16 of them in all — are the types of businesses that are vital for the government and economy to function. Things like the telephone network, banks, mass transit systems, power and water utilities and so on — and they are subject to special regulations.
But the draft EO referred to the owners and operators of “core communications infrastructure” — not a defined or recognized term — and suggested there might be additional requirements on them to protect the internet from automated attacks like botnets.
Since then, there have been repeated reports, all in the end proving false, that the cyber EO was ready for signature.
Palmisano and Karen Evans, former head of federal IT in the George W. Bush administration, both defended the Trump White House against the suggestion from a questioner that the administration was lagging in policy because it has not yet filled several key positions such as the federal CIO, CISO and CTO, which are within the Executive Office of the President and don’t require Senate confirmation.
Evans, who worked on the Trump transition and was a co-chairman of another independent commission offering cybersecurity advice to the new administration, cautioned that the administration may not be planning to fill all those jobs. It’s possible that it will do away with one or more of them, she said.
She said the CSIS commission she co-chaired looked at the structure and function of the various posts within the president’s executive office, asking the questions: “What are the right roles and do all of these roles need to exist?”
Perhaps, she continued, “You don’t need a chief information officer, a chief innovation officer, a chief information security officer, a chief digital officer. … There are so many chiefs in these agencies,” she said.
“You might,” she advised, “want to take off the lens of, ‘This is the traditional way of looking at it.’ The new administration is an opportunity to be able to say ‘What should these jobs really do?’
“Just because certain positions aren’t filled doesn’t mean that they’re not working on the issues,” she concluded
Palmisano said it was still early days for the new administration and it had a great deal on its plate. “They’re in this point of transition, so I think it’s pretty hard to judge them,” he said, adding they were listening to feedback they were getting from the private sector
“They’re taking all the inputs, they’re not discarding this input, they’re just thinking through how they figure all this out and then get the jobs filled,” he said.