NEW YORK–President Donald Trump’s Cybersecurity Executive Order needs an overhaul, specifically a shift from planning and proposals to the pragmatic. According to Ed Amoroso, former AT&T CSO, the U.S. critical infrastructure faces dire consequences if the U.S. government maintains its current cybersecurity status quo.
“How many plans are being drafted by government agencies right now under the current Cyber Executive Order? Hundreds. And who is going to read them?” asked Amoroso, currently CEO of TAG Cyber. “This is not the way Trump’s executive order should be.”
Speaking today at the Borderless Cyber conference, Amoroso argued cybersecurity needs to be more about three essential ingredients. “It’s simple. The administration’s focus needs to be on implementing one compliance framework (NIST), moving to the cloud, and getting our young kids involved in cyber. That’s something that we can actually do.”
In an open letter to President Donald Trump, Amoroso is calling for an immediate rewrite of the Executive Order on Cybersecurity so that it embraces the 2013 draft National Institute of Standards and Technology (NIST) framework, which aims to establish sets of industry-specific security norms applicable to organizations of all sizes, with the goal of securing the nation’s critical infrastructure.
He also said that it’s important to reduce the attack surface of the government’s “enterprise perimeter” by moving government data warehousing and processes to the cloud.
“Why didn’t Hillary Clinton’s emails get hacked in the last election? Because it was located outside the official U.S. perimeter where hackers couldn’t get to it. She got lucky,” Amoroso said. He said that when the government “scatters its workload into a million pieces” into the cloud, the network infrastructure goes away, removing the hard target of the enterprise perimeter.
Part of his rewrite of the executive order also includes mandating that “each government agency shall significantly expand their Cyber Corps Program for young people interested in a cyber security career,” according to his open letter.
“Why don’t we incent young people to be involved with cyber security for five years and then pay for their college?” he said. “We have a small program now (Cyber Corps Program), but it needs to be 10 times bigger.”
Just as the Peace Corps defined a generation in the 1960s, the Cyber Corps has the same potential. He points to current estimates of 1 million unfilled cybersecurity-related jobs, coupled with an over-reliance on H-1B visas.
“Very few kids are going into hi-tech today. Especially for women, the Ph.D-rate for computer science is dropping. That is alarming and not acceptable,” Amoroso said.
The Cybersecurity Executive Order needs to be about something that politicians and bureaucrats can actually do, he said. “If we stay this course, then my prediction is dire. I think that our critical infrastructure is fundamentally vulnerable.” And if U.S. cybersecurity leadership doesn’t change, it’s going to be the same broken pattern over and over again, he said.