Newsroom
May 11, 2017
Trumps signs cybersecurity executive order
President Donald Trump on Thursday signed an executive order meant to strengthen the federal government's cybersecurity and help protect the nation's critical infrastructure from a cyber attack.
The executive order requires federal agencies to adopt the National Institute of Standards and Technology's cybersecurity framework for managing cybersecurity risks. Federal agencies would also need to provide a risk management report to the White House's Office of Management and Budget within 90 days of the order.
Many NAFCU member credit unions have used and benefited from NIST's cybersecurity framework. The association has encouraged NIST to work with other regulators and industry stakeholders to clarify how its framework should be used or adopted, while emphasizing that there is no one-size-fits-all approach to cybersecurity.
The order also directs law enforcement agencies, along with the Department of Defense, to coordinate with owners and operators of critical infrastructure (as defined in the executive order titled Improving Critical Infrastructure Cybersecurity) to identify "authorities and capabilities" for supporting their own cybersecurity efforts.
Under this order, the departments of Homeland Security and Commerce would need to examine the impact of federal policies on "market transparency of cybersecurity risk management practices by critical infrastructure entities." These departments would then identify and promote efforts by appropriate stakeholders to reduce the threat of distributed attacks caused by botnets, such as a distributed denial-of-service (DDOS) attacks.
Other parts of the executive order highlight cybersecurity workforce development, strategic deterrence options and international cooperation, which would not affect credit unions.
NAFCU supports policy makers' focus on cybersecurity and continues to urge that cyber and data security be addressed in hand in hand. Along those lines, NAFCU continues to push for Congress to pass a strong national data security standard for retailers that would hold them to the same standards credit unions already follow under the Gramm-Leach-Bliley Act.
The executive order requires federal agencies to adopt the National Institute of Standards and Technology's cybersecurity framework for managing cybersecurity risks. Federal agencies would also need to provide a risk management report to the White House's Office of Management and Budget within 90 days of the order.
Many NAFCU member credit unions have used and benefited from NIST's cybersecurity framework. The association has encouraged NIST to work with other regulators and industry stakeholders to clarify how its framework should be used or adopted, while emphasizing that there is no one-size-fits-all approach to cybersecurity.
The order also directs law enforcement agencies, along with the Department of Defense, to coordinate with owners and operators of critical infrastructure (as defined in the executive order titled Improving Critical Infrastructure Cybersecurity) to identify "authorities and capabilities" for supporting their own cybersecurity efforts.
Under this order, the departments of Homeland Security and Commerce would need to examine the impact of federal policies on "market transparency of cybersecurity risk management practices by critical infrastructure entities." These departments would then identify and promote efforts by appropriate stakeholders to reduce the threat of distributed attacks caused by botnets, such as a distributed denial-of-service (DDOS) attacks.
Other parts of the executive order highlight cybersecurity workforce development, strategic deterrence options and international cooperation, which would not affect credit unions.
NAFCU supports policy makers' focus on cybersecurity and continues to urge that cyber and data security be addressed in hand in hand. Along those lines, NAFCU continues to push for Congress to pass a strong national data security standard for retailers that would hold them to the same standards credit unions already follow under the Gramm-Leach-Bliley Act.
Share This
Related Resources
Data Privacy Issue Brief
Whitepapers
Data Privacy Issue Brief
Whitepapers
NAFCU Data Privacy Principles
Whitepapers
Compliance Monitor - August 2018
Newsletter
Get daily updates.
Subscribe to NAFCU today.