Trump’s promise on cybersecurity: what’s been happening?

As US President Donald Trump closes in on his 100th day in office, he faces plenty of scrutiny over things that didn’t get done in that all-important period of any new administration. One big criticism in the media last week was that he’d blown his self-imposed 90-day deadline to unveil a tough new cybersecurity plan for the federal government.

But it’s worth noting that things have in fact happened on the cybersecurity front. Last month, for example, Trump hired Robert Joyce as his White House cybersecurity coordinator. Meanwhile, work has continued behind the scenes on an executive order that could finally be signed by Friday.

Who is Robert Joyce?

Joyce once ran the National Security Agency’s hacking division and has received praise across the defense community, including from Michael Daniel, his Obama-era predecessor.

“He has long experience in the cyber realm, knows the interagency process very well, and has proven himself as a leader at NSA,” Daniel told FCW writer Sean Carberry in an interview last week.

Daniel also told FCW that Joyce is “well versed in both offensive and defensive cyber, having worked both in the NSA’s office of Tailored Access Operations as well as the former Information Assurance Directorate, which was focused on protecting US systems and networks from cyberthreats”.

Executive order might be signed on Friday

Some might remember that day in late January when Trump was expected to sign an executive order on cybersecurity, but canceled it and instead promised a comprehensive plan to improve security in the federal government’s IT infrastructure in 90 days.

Though the deadline passed without a plan, Joyce himself told attendees at Georgetown University’s International Conference on Cyber Engagement Monday that the executive order was just about ready to sign.

He said the president’s son-in-law, Jared Kushner, was working with White House tech policy aides Chris Lidell and Reed Cordish on “a major effort” to create “approaches for the president’s consideration to modernize federal IT systems, retire outdated systems and move to shared services”. Joyce told the audience:

We must make sure that innovation and cybersecurity are intertwined.

Asked by a member of the audience if those provisions would be in an executive order Trump is expected to sign this week or if it would be spliced into a separate EO down the road, Joyce replied: “A little bit of both.”

Modernization provision tossed out?

That question was likely based on multiple media reports that the cybersecurity executive order to be signed this week won’t include the bit about modernizing federal IT systems.

Politico cited “multiple people familiar with the White House’s plans” who said the order will no longer contain the section on modernizing federal IT systems. Specifically, Politico said, it will “kick off reviews of each federal agency’s digital defenses and direct agency heads to adopt specific cyber standards”.

The federal IT modernization part now falls to Kushner and his new Office of American Innovation.