Trump’s executive order is a step forward for cybersecurity, but ‘devil lies in the details’

Signed just one day before the WannaCry attack, President Donald Trump’s executive order to improve the government’s cybersecurity defenses is a step in the right direction, researchers said.

Although the executive order paints federal cybersecurity concerns with a broad brush, the president’s message hits on key deficiencies throughout several industries, two researchers with the Center for Long-Term Cybersecurity at the University of California, Berkeley wrote on Lawfare.

Trump’s order—which has been criticized for its lack of specificity—has implications for the Department of Health and Human Services (HHS). The agency is required to produce a cybersecurity risk management report to the Secretary of Homeland Security and the Director of the Office of Management within 90 days.

The overarching themes within the executive order are spot on, wrote the UC Berkeley researchers. The push to manage cybersecurity at all levels of each agency, rather than delegating it to IT, and the need to routinely update systems were key lessons learned in the aftermath of the WannaCry attack.

They also echoed some of the recommendations highlighted in the HHS Cybersecurity Task Force report, including the need to bolster the nation’s cybersecurity workforce and improve threat sharing capabilities.

“It is now crucial to carve out the time to plan ahead and have a roadmap for the ongoing steps organizations must pursue to be safer as they become more digital,” the authors wrote. “The past decade has shown us quite a lot about the advantages of digital innovation, but it has also demonstrated that no institution is safe, and a new cyberattack is almost always right around the corner.”