White House Releases New Cyber Security Plan and Executive Order on Combatting Cybercrimes

Key Takeaways

On March 6, the White House released a policy notice titled President Trump’s Cyber Strategy for America, a 7-page document outlining the policy pillars that will define the Administration’s approach to cybersecurity. The President also signed Executive Order 14390, titled Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens, which among other initiatives instructs the Cybersecurity Infrastructure and Security Agency (CISA) to prioritize training, technical assistance, and resilience building to support state, local, Tribal and territorial (SLTT) partners’ efforts to combat cybercrimes. 

What is in the Cyber Strategy?

Under the new Cyber Strategy, the White House seeks to promote the following six policy pillars:

1. Shape adversary behavior: The strategy commits to creating private sector incentives to identify and disrupt adversary networks, while deploying federal capabilities for defensive and offensive cyber operations. The strategy additionally commits to detecting, confronting and defeating cyber adversaries before they breach a network, and the strategy also commits to protecting against intellectual property theft perpetrated by cyber actors.
2. Promote common sense regulation: The strategy commits to streamline existing cyber regulations to reduce compliance burdens, address questions of liability, and better align regulatory and industry globally.
3. Modernize and secure federal government networks: The strategy will implement cybersecurity best practices including post-quantum cryptography, zero-trust architecture, and cloud transition on all federal information systems. The federal government will also work to implement AI-powered cybersecurity solutions to defend federal networks and deter intrusions, as well as prioritize military, intelligence and civilian enterprises.
4. Secure critical infrastructure: The strategy outlines how the federal government will identify, prioritize, and harden the security of supply chains across a multitude of sectors. The strategy will also seek to prioritize U.S. technologies, and move away from technologies and products deemed adversarial. Notably, the strategy seeks to galvanize the role of state, local, Tribal, and territorial authorities as a complement to – not substitute for – national cybersecurity efforts.
5. Sustain superiority in critical and emerging technologies: The strategy will focus on building secure technologies and supply chains that protect user privacy from design to deployment, including supporting the security of cryptocurrencies and blockchain technologies, as well as the adoption of post-quantum cryptography and secure quantum computing.
6. Build talent and capacity: The strategy will focus on developing a workforce pipeline that develops and trains the existing cyber workforce as well as recruits the next generation to design and deploy new cyber technologies and solutions, working with industry, academia, government, and the military to align incentives and build a highly skilled cybersecurity workforce. 

What is in the Executive Order on Combatting Cybercrimes?

The Executive Order on Combatting Cybercrime contains several provisions intended to expand enforcement, deterrence and disruption efforts at the federal level, including the following:

• Instructs federal agencies to review relevant operational, technical, diplomatic, and regulatory frameworks in place to determine how each can be improved to best combat transnational criminal organizations (TCOs) engaged in cyber-enabled crime
• Produces an action plan to coordinate federal efforts to detect, disrupt, dismantle, and deter cyber-enabled criminal activity conducted by TCOs and associated networks that target US persons, businesses, critical infrastructure, or public services
• Enables CISA to partner with state, local, Tribal, and territorial partners to expand defensive capacity, share threat intelligence, and harden critical infrastructure systems against cybercrime exploitation by TCOs

What is the county impact?

Counties continue to strongly advocate for the robust adoption of cybersecurity best practices at the federal level that can be disseminated to the state and local governmental level. Counties further support the assignment and prioritization of resources that can support cybersecurity priorities at the local level, including direct funding, technical assistance and accessible resources. 

NACo will continue to monitor cybersecurity policy developments at the federal level and keep members updated.