Trump's cybersecurity strategy kinda makes sense, so why delay?

President Trump can't read, can't accept reality, and can't take a joke. Worrying and puzzling, indeed. But here's what's got computer security experts scratching their heads: why did Donald postpone signing a new cybersecurity executive order? According to a leaked draft, the order will hold US government department chiefs …

  1. Anonymous Coward
    Anonymous Coward

    WTF?

    "Trump – furious that Bannon apparently edited the national security council order without the president's knowledge before it was signed off"

    By him! He's upset that he didn't read what he was signing and yet Bannon is still defect president in his administration, it's truly terrifying.

    1. Anonymous Coward
      Facepalm

      Re: WTF?

      "Trump – furious that Bannon apparently edited the national security council order without the president's knowledge before it was signed off"

      Well spotted, that quote, a prime example of cyber BS, Trump's thought processes only extend to nine second sound bytes. He would be unable to absorb a whole paragraph at the same time. I suspect he's already showing signs of neurological decay.

  2. MrDamage

    He didn't sign it

    Because cybersecurity is a 5 syllable word. He's still undertaking speech therapy learning how to properly pronounce it, and once he is sure he won't go all Dubya "nucular" on it, then he'll sign and speak about it.

    1. Halfmad Silver badge

      Re: He didn't sign it

      Wife and I genuinely think Trump has early stage dementia, his vocabulary is increasingly limited and when challenged on anything from memory he's vague and usually annoyed by default - an automatic reaction to being frustrated.

      1. Uncle Slacky Silver badge
        Thumb Up

        Re: He didn't sign it

        His recent stumbling down a ramp (the reason Theresa the Appeaser held his hand) could also be indicative of dementia.

        1. h4rm0ny

          Re: He didn't sign it

          The CIA are probably poisoning his tea as we speak!

          1. Bucky 2
            Happy

            Re: He didn't sign it

            @h4rm0ny

            I'm not sure I'd have given the Claude Rains role to the CIA, but I'm delighted by the reference nonetheless.

            Everyone else: "Notorious" (1946).

      2. Stevie Silver badge

        Re: Early stage dementia

        I tweeted on this very concern some weeks before the election.

        But then, no-one in their right mind would read any tweet blithered by me, so no harm done.

    2. Geriant

      Re: He didn't sign it

      Six-syllable word.

  3. allthecoolshortnamesweretaken

    The answer is already stated in the headline.

  4. tom dial Silver badge

    One may hope, perhaps even with reason, that the cybersecurity order will be more carefully thought out and better staffed, and its implementation better planned, than the partial immigration suspension order of January 27. That would cause significant delay and indicate that the new crew at the White House are learning.

    Based on the leaked draft, it is fairly likely that there is a lot of pushback from some agencies over what is to be done and how fast. The DoD, mostly, will be in fairly good shape, as they began long ago to tighten the screws, manage information security, and document their status. They will not find it hard to provide status and recommendations in 60 days. While they were well short of perfect five years back when I left their employ, they were far better than the State Department through at least the end of Secretary Clinton's tenure, or the Office of Personnel Management through early 2015; they, and probably a good many other agencies would find it hard or impossible to complete the evaluation in the required period, although the recommendations might be far easier, beginning with something like "maintain up-to-date security patch status."

  5. Potemkine Silver badge

    FAKE NEWS, believe me

    That's just ANOTHER ploy of a leftist media to DIRTY our Dear LEADER, Father of the Nation, Light of civilization and Restorer of the White Old Males' Supremacy!

    Designing scapegoats being the favorite game of the Unpresidented, I wonder why he didn't sign this decree... maybe his friend Vladimir told him not to do so?

    1. Mystic Megabyte
      FAIL

      Re: FAKE NEWS, believe me

      Just so. I read yesterday that Rumpy Pumpy now decrees that all opinion polls that don't favour him are fake news. The man is clearly quite insane :(

  6. John Smith 19 Gold badge
    Unhappy

    "Responability" without authority (to make it stick)

    is BS.

    Just saying.

    1. Anonymous Coward
      Anonymous Coward

      Re: "Responability" without authority (to make it stick)

      Responsibility with Authority but not the Resources is just as hard.

      1. netminder

        Re: "Responability" without authority (to make it stick)

        My agency has undergone years of budget cuts (real ones kids) and mandates to not hire so replacements are often high-priced contract help which just exacerbates the cash shortage. Add the sort of reluctance all senior management appears to have about giving money & power to the security shop (I saw this in private industry just as strongly) and the inertia we need to overcome is pretty large. We are making progress just not fast enough.

      2. Geriant

        Re: "Responability" without authority (to make it stick)

        According to Stanley Baldwin (with a leg-up from Mr Kipling), power without responsibility has been the prerogative of the harlot through the ages.

        On the other hand, responsibility without power would seem to be the prerogative of the scapegoat through the ages.

  7. Peter2 Silver badge

    You've missed the other, more obvious probability. He's campaigning for a second term. He needs the political establishment and media screaming at him in protest to maintain his anti establishment image, despite being at the top of the establishment.

    Signing this will make the headlines, and he's already in them. Expect him to sign this or something else that'll make the headlines as soon as the existing bits about him get out of the media.

  8. Rich 11 Silver badge

    why did Donald postpone signing a new cybersecurity executive order

    Perhaps Vladimir didn't approve?

    1. TRT Silver badge

      Re: why did Donald postpone signing a new cybersecurity executive order

      He must be putin it off for some reason.

  9. Dan 55 Silver badge

    "two regulations are torn up for every new rule introduced"

    Which ones? Pollution, electrical interference, workers' rights, drug testing, medical standards, building standards, vehicle construction standards, aeroplane construction standards, food standards, education standards, equality, animal welfare, telecoms regulation, etc... etc...

    You can't just travel back in time to 1970 by ripping stuff up, the world is more complicated 50 years later.

    People who should know better are saying it's a good idea. It sounds good for five seconds until you think about it.

    1. netminder

      Re: "two regulations are torn up for every new rule introduced"

      Well, that's the thing, isn't it? Trump supporters don't think. Trump supporters believe their 'gut' is smarter than their brain, that if they want to believe it badly enough it will be true, that truthiness beats reality every time and anything they don't understand is witchcraft & must be destroyed. The fucked up electoral system, designed to protect the slave holders from reality has put these people in charge despite them being the minority of the nation. We are screwed.

      1. Stoneshop Silver badge
        Boffin

        Re: "two regulations are torn up for every new rule introduced"

        Trump supporters believe their 'gut' is smarter than their brain

        It is.

        Note: there's no suggestion of some absolute level of smartness in the above.

    2. mstreet

      Re: "two regulations are torn up for every new rule introduced"

      RE: "People who should know better are saying it's a good idea. It sounds good for five seconds until you think about it."

      I think in a nutshell, this is the real problem. As an analogy, I once had an argument with a friend, who insisted that a true friend will stick up for his mates, regardless of what they do, because, hey, that's what friends do...

      So assume you walk into a pub with a friend. The 'friend' immediately proceeds to get hammered and ugly, and starts picking fights with everyone who glances his way. You, being far less aggressive and far more sober, try to steer him away from trouble all night, but he just won't stop being a douche, and eventually, fists start to fly.

      If you stick up for him, you are now fighting on behalf of a dick who deserves everything he's getting. If you don't, you're letting a 'friend' down.

      I think the polarization of pro\anti Trump camps is the same sort of situation. The pro Trump crowd in this case are like the drunk's mates who walked into the pub with him. They know he's being a dick, but because they supported him in the first place, they feel they have to continue defending him, even when his crap is likely to get them into all sorts of trouble.

      Either that, or they are just a bunch of politically drunk a-holes as well....

  10. Marc 13

    Won't someone think of the children...

    He's just waiting 'till his youngest child is old enough to interact with the media... He's seen Putin retain control for 17 years and counting, so he's only got to wait 9 years for Barron to take charge.

    "I have a son. He's 10 years old. He has computers. He is so good with these computers, it's unbelievable."

    1. Aladdin Sane Silver badge

      "He is so good with these computers, it's unbelievable."

      He hardly ever loses a life in Super Mario.

  11. Anonymous Coward
    Terminator

    Reason why Trump didn't sign cybersecurity executive order

    "why did Donald postpone signing a new cybersecurity executive order."

    Because it would have made cabinet secretaries, agency heads, network administrators, system admins, and program managers accountable for cybersecurity.

    Why Windows is less secure than Linux by Richard Stiennon

    1. Anonymous Coward
      Anonymous Coward

      Re: Reason why Trump didn't sign cybersecurity executive order

      Although an OS discussion is not really on topic,

      Why Windows is less secure than anything

      FIFY

      :)

    2. Patrician

      Re: Reason why Trump didn't sign cybersecurity executive order

      And there it is! The Pro-Linux brigade hijacking a thread to spread their love of an OS that is not, yet, ready for general usage*.

      An OS is only as secure as the person touching the keyboard; put a numpty that likes to click on any links shown to them in front of a Linux PC and their information will be at risk in some way.

      * Until *all* the software that is available for Windows, including games, is available and as easy to install on Linux as it is on Windows, and all the features of all the available hardware (e.g. Graphic Cards) is supported by Linux, it isn't ready for general use I'm afraid.

      1. Doctor Syntax Silver badge

        Re: Reason why Trump didn't sign cybersecurity executive order

        "The Pro-Linux brigade hijacking a thread"

        Good try. Unfortunately for your comment, it didn't happen. One post does not a hijack make.

        1. h4rm0ny

          Re: Reason why Trump didn't sign cybersecurity executive order

          >>"Good try. Unfortunately for your comment, it didn't happen. One post does not a hijack make."

          I count four. And yours makes it five.

          And now mine has made it six. It's off-topic whether it's true or false (and it's false). Could the reason you're fine with someone ham-fistedly forcing their cause into the thread be because it's a cause you're favourable to?

          1. Anonymous Coward
            Anonymous Coward

            Re: Reason why Trump didn't sign cybersecurity executive order

            Hmmm, ham... Oh, wait..

      2. Anonymous Coward
        Anonymous Coward

        Re: Reason why Trump didn't sign cybersecurity executive order

        And there it is! The Pro-Linux brigade hijacking a thread to spread their love of an OS that is not, yet, ready for general usage*.

        Excuse me:

        (1) It's anti-Windows, not just pro Linux. We share the love.

        (2) Define "general usage". As a desktop, sure, it has a somewhat limited utility if you need more than word processing and email, but I would not touch Windows for serving anything exposed to the Net. We've had the Net around for a while now, but it still needs training wheels fitted in the form of anti virus before it can go anywhere near a public network. I don't see Google, Amazon or Facebook use Windows servers any time soon..

  12. BigLJ

    STAY OFF POLITICS

    I go to The Register for tech, NOT POLITICAL COMMENT. Butt out.

    1. James 51
      Angel

      Re: STAY OFF POLITICS

      Is that you Big John with a slightly different handle?

      1. Anonymous Coward
        Anonymous Coward

        Re: STAY OFF POLITICS

        Is that you Big John with a slightly different handle?

        Nope - registered last year with only a few posts. If she had changed the handle it would still track all her articles (yes, I said "she/her", I'm an equal opportunities windup :) ).

        1. James 51

          Re: STAY OFF POLITICS

          My thinking was separate accounts to prevent being tracked like that. Could always be Big John Jr.

      2. Hollerithevo Silver badge

        Re: STAY OFF POLITICS

        BigLJ is Big John's cunning disguise.

    2. Anonymous Coward
      Anonymous Coward

      Re: STAY OFF POLITICS

      Politics happen to have a bloody great influence on how you work and what you have to do.

      You may want to ignore politics in your personal bubble, but that doesn't mean you won't be affected by it - only that you will have no influence on it..

    3. Anonymous Coward
      Anonymous Coward

      Re: STAY OFF POLITICS

      Who are you and why do you have any interest in my butt?

  13. Anonymous Coward
    Anonymous Coward

    Well, duh

    the order will hold US government department chiefs more accountable

    You gave the reason already. The delay is people in his team working out how they can still keep their nose clean when things go wrong. Apparently, making people accountable in government is just not done..

  14. Goldmember
    Facepalm

    "We need less regulations and more action", Bay said

    Fewer.

    1. Robert Helpmann?? Silver badge
      Headmaster

      Re: "We need less regulations and more action", Bay said

      Goldmember, perhaps this is better still:

      "We need less regulation and more action."

  15. Halfmad Silver badge

    "Each network administrator, system admin, and program manager should be held accountable for the security of their own systems. "

    Hold the boat there buddy, shouldn't that be each SYSTEM OWNER - those you are holding accountable there have sweet FA authority in the grand scale of things.

  16. Doctor Syntax Silver badge

    Probably objections from the NSA & FBI. They don't want anybody going round bolting back doors, they wouldn't be able to keep an eye on the rest of govt. & worse still, the habit might spread to the proles.

    1. Aqua Marina

      TLA backdoors.

      That's actually a good point. Who is liable if an attacker successfully intrudes via a backdoor that you are legally required to leave open, and you are legally forbidden from admitting exists? Someone has probably pointed this out, and it's currently gone for consultation behind closed doors.

    2. Anonymous Coward
      Anonymous Coward

      Nice! I wouldn't put it past them, not that I have any choice in the matter. My money is on Rudy not being up to speed in "Cibar Securities" yet. He still needs to check these boxes:

      1) read the Children's Big 3D Book of Computers and Things (published 1988, target age 8)

      2) find a stick

      3) carve it into a divining rod so he can "find the cibar baddies!"

      4) blame the Clintons again when that does not work as planned

  17. Stevie Silver badge

    Bah!

    If the Volkswagen Fiasco taught us anything it is that Bigwigs have no problem "pushing down" to find "those really responsible" when it comes to the Blame Allocation Phase.

    1. Doctor Syntax Silver badge

      Re: Bah!

      It's also teaching us that the blame can eventually come bouncing back. When it does it gets amplified. Cover-ups never look good when found out.

  18. Stoneshop Silver badge
    FAIL

    That last bit

    "It would be better to have a separate cabinet-level cyber leader, one with the technical and policy background to offer a real contribution."

    Is there any Turnip Cabinet member who actually has the relevant technical and policy background with regard to their assigned department?

    Oh, wait, they have money. Good enough for the Orange One.

  19. Colin Millar
    Boffin

    Playing the game

    Anyone who has been in admin at a serious level knows how to stay a few steps ahead of the accountability.

    Give them this memo and they will say - sure - I'll accept accountability - here is my assessment of what is needed to make this shit secure (long list of stuff with budgets follows). It's called CYA and these people know that in their jobs it is their number one priority cos their bosses are all politicians who will hang their granny out to dry before taking a hit.

    Radical changes in direction in large organisations take time and money and (because it is all new) no-one quite knows how much of each. You can, to a degree, reduce the cost by increasing the time but you cannot reduce the time by much no matter how much money you throw at it because the specialist resources required to fulfill complex tasks are limited.

  20. ecofeco Silver badge

    Is this a trick question?

    Out of all the executive orders he didn't sign, why did it have to be that one?

  21. Aodhhan

    Amazing

    Yeah, we get it Trump bashers. You don't like him, and you love repeating the same stupid left wing racist-elitist talking points. Too bad you can't think critically and come up with original thoughts.

    The problem in the Government, and how the RMF has been implemented is in those who are "ACTUALLY" responsible for each network's security. Currently this lies with individuals who are O-7 or SES-1 level (or above). You aren't going to hold a general officer accountable; and there are very few flag officers who are deeply knowledgeable in information security. Not to mention the fact, many times these officers aren't physically located at the same base or city the network is. Just stupid, right?

    They need to go back to allowing O-6 and GS-15 level officers and perhaps even O-5/GS-14 level officers take responsibility for networks. They need to increase the number of cybersecurity red teams, as well as ensure RMF standards are implemented and organizations are funded properly to meet certification and accreditation standards. Holding commanders responsible for networks which do not meet RMF standards, or have a POAM in place to correct deficiencies.


Biting the hand that feeds IT © 1998–2020