Assessing the Draft Cyber Executive Order

Amidst the whirlwind of executive orders and presidential memoranda that have been in the news, it was easy to miss a purported draft of President Trump’s first executive order (EO) covering cybersecurity issues, leaked to the Washington Post and released on Friday, January 27. The order, titled “Strengthening U.S. Cyber Security and Capabilities,” calls for several 60- and 100-day assessments of the state of U.S. cybersecurity and the identification of areas of improvement. This mirrors the approach taken by President Obama, who ordered his own 60-day cyberspace review shortly after assuming office.

Our bottom line up front, assuming the text of this draft does not change, is that while the intent of the executive order represents a reasonable start to getting a handle on the cybersecurity challenges that await this administration, this appears to be another case where an executive order has not been coordinated with federal departments and agencies. Compared to other recent orders, this one is fairly tame—for example, we see no attempt to scale back U.S. compliance with international law. But that is a very low bar, albeit one that has been difficult for the new Administration to meet at times. Here, our concern is that the document’s authors are either unaware or dismissive of the substantial equities and capabilities of a broad swath of the government.