Categories: CyberCrimeSecurity

White House Withholds Cyber-Security Order For Further Revision

To put it bluntly, Congress is famously stingy when it comes to spending money for the Executive Branch unless it somehow benefits each member’s district.

What’s also notable is that the revised EO, while more complete than the first version, still doesn’t really address a full cyber-security picture. For example, there’s no discussion of staff qualification or training so that existing staffers can be up to speed on current cyber-security practices.

Considering that the White House has frozen all federal hiring with few exceptions, most departments and agencies will have no way to hire experienced security personnel, which means that they must train the personnel they already have.

Likewise, the cyber-security EO, assuming it survives relatively intact, does not address the vast array of equipment the government already has. What’s going to happen to this gear? It can’t just be dumped on the surplus market, if only because much of it contains sensitive or classified information.

What next?

“This is very typical of what you see these days,” said Arman Sadeghi, CEO of Data Destruction Corporation. “That one of the areas that’s often overlooked. It’s been happening for many years. They’ve completely left it out.”

While the EO focuses heavily on keeping internet-borne hackers out of U.S. networks, it doesn’t really address threats coming from other directions. “There’s a major disconnect in where data gets out,” Sadeghi said. “They’re focusing on hacks through the web, but a much bigger risk is with devices that are obsolete and being taken off line. A data breach will involve this aspect of data security.”

The problem is that a great deal of equipment contains data, and a lot of it isn’t obvious. Some things such as hard disk drives are obvious. But surprisingly few IT managers or CISOs realize that everything from copiers to fax machines to network switches and firewalls also retain data, and that data can be recovered by attackers and used.

“They need to specifically have verbiage that addresses end of life for IT equipment that contains data,” he said. Sadeghi also said that the emergence of internet of things devices within the government will only exacerbate the problem with data retained in obsolete devices, because most of these devices contain data and so does the network equipment they use for communications.

If there’s a bright point, it’s that the cyber-security EO is still just a draft. Potentially, it can be changed to be more complete. Considering that it looks as though existing draft went through the hands of someone who knew what they were doing, perhaps it’s not too late for a more comprehensive draft to become the final executive order that the president signs.

Originally published on eWeek

Quiz: What do you know about Trump and technology?

Page: 1 2

Wayne Rash

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.

Recent Posts

NHS Scotland Confirms Clinical Data Published By Ransomware Gang

NHS Dumfries and Galloway condemns ransomware gang for publishing patients clinical data after cyberattack earlier…

21 hours ago

Fewer People Using Twitter After Musk Takeover – Report

Research data suggests fewer people are using Elon Musk's X, but platform insists 250 million…

24 hours ago

Julian Assange Wins Temporary Reprieve For US Extradition Appeal

US assurances required. Julian Assange handed a slender reprieve in fight against his extradition to…

1 day ago

Report: Apple To Use Baidu’s Ernie Bot In China iPhones

Apple reportedly to use Baidu's Ernie Bot AI in Chinese iPhones, Macs as company prepares…

2 days ago

Apple Hit By Private Lawsuits Imitating Justice Department Approach

Apple hit by at least three new class-action lawsuits imitating Justice Department antitrust action alleging…

2 days ago

US, UK Impose Sanctions On China Over Spying, Infrastructure Hacks

US, UK impose sanctions on China over campaign to target critical infrastructure and place officials…

2 days ago