On May 11, 2017, President Trump issued an Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” (“EO”). The EO makes Executive Branch agency heads responsible for ensuring the cybersecurity of their systems and information. It also directs these agencies to report, plan and budget for improvements to the cybersecurity of their Federal systems in order to adequately protect “the executive branch enterprise.” The EO calls for agencies to apply the National Institute of Standards and Technology (“NIST”) Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”) in developing reports that ultimately will be used to determine an Executive Branch cybersecurity plan. The Framework to be used by these agencies is the same one that has been in place since 2014 as voluntary guidance to businesses on the development of a risk-based approach for addressing and managing cybersecurity risks. Notably, the EO calls for the Executive Branch’s development and transition to a “modern, secure, and more resilient executive branch IT [Information Technology] architecture,” with a preference to procure shared IT services, including email, cloud and cybersecurity services.

The EO also calls for agencies to support the cybersecurity of U.S. critical infrastructure, which is defined to include critical physical and information infrastructures and networks in telecommunications, energy, financial services, water, and transportation sectors. The EO also seeks to identify the cybersecurity risks facing the Department of Defense (“DoD”) and the defense industry base, including its supply chain, and to address the threats posed by botnets and other automated, distributed cyber attacks.

Takeaways:

• Cybersecurity remains a critical concern for this administration. We should expect that additional guidance and likely increased requirements will be issued to implement better and more comprehensive cybersecurity in government and with regard to those involved in national security, or other activities critical to the accomplishment of the government’s missions.

• Given the President’s expressed intent to update Executive Branch IT systems and services, it is likely that an Agency’s plans to address cybersecurity needs will be factored into that Agency’s, and ultimately, the President’s Executive Branch-wide, strategic, operational and budgetary planning processes moving forward for FY 18 and beyond.

• As a government contractor, you should be checking your systems to ensure compliance with the cybersecurity requirements in your current contracts and subcontracts, and moving forward to ensure your competitive status in future procurements.

• Cybersecurity is likely to create opportunities for those with the best cybersecurity products, services and capabilities in the coming months and years.

If you have questions about the Executive Order or the requirements of current cybersecurity provisions, contact Susan Warshaw Ebner, or your FortneyScott counsel.