President’s Executive Order May Stimulate Cybersecurity Innovation
When President Trump signed his executive order on cybersecurity in May, he set the stage for a new round of cybersecurity innovation. Although there are several aspects of the order that will likely boost cybersecurity investment, accountability will be the key ingredient.
The president began his press announcement regarding the order with a decree that he will hold top agency leaders accountable for cybersecurity. “I will hold my cabinet secretaries and agency heads accountable, totally accountable, for the cybersecurity of their organizations.” This is a significant shift for the federal government, and if adhered to, will dramatically increase the resources allocated to cybersecurity.
In the private sector, we’ve seen a definite trend over the last few years where CEOs are held accountable for their organization’s cybersecurity. Target’s chief executive officer (CEO) and chief information officer (CIO) both resigned following the company’s 2014 data breach. Austrian aircraft parts manufacturer FACC fired its chief executive of 17 years after a fraudulent transfer of 50 million euros, and Baroness Harding, the chief executive of TalkTalk, Britain’s fourth-largest broadband provider, had her performance bonus slashed by more than a third as a result of a high-profile cyberattack.
But within the federal government, we haven’t seen this trend of holding top leaders accountable for cybersecurity. Public agencies don’t answer to a revenue-driven board of directors, so it’s a lot harder to hold the heads of these federal agencies accountable for cybersecurity. For example, after the massive data breaches at the Internal Revenue Service and the Office of Personnel Management, the leaders of both of those agencies were able to, at least to some degree, point the finger at their IT staff.
The new executive order, if implemented, will hold the heads of government agencies accountable for cybersecurity, just as board members are holding CEOs accountable in the private sector. Without the ability to pass the blame for security failures to underlings, top federal leaders will likely allocate more resources to cybersecurity than ever before. Top-level management will have a vested interest in cybersecurity, and will purchase an increased number of products and services.
In addition to the 17 federal intelligence agencies that have always been an important part of cyber innovation, there are literally hundreds of other federal agencies that will increase their cybersecurity budgets—stimulating new products and innovation. According to Cyber Security Ventures, the U.S. Government will spend over $19 billion on cybersecurity in 2017 alone, and we can expect that number to grow considerably in 2018 and the foreseeable future. With the increase in dollars spent in cybersecurity, the entire sector will benefit, both public and private.
Holding agency and department heads accountable will drive this innovation and growth, and the president’s newly signed executive order puts some teeth into the process to ensure that happens.