Cisco Blogs

Take Seriously This Sentence in the Cybersecurity Executive Order

June 12, 2017 - 2 Comments

The Cybersecurity Executive Order that President Trump signed on May 11 shouldn’t tell you much that don’t already know about the importance of security to the Federal Government. However, there’s a sentence in it that should give every agency leader a fresh sense of urgency:

“The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises.”

The president clearly means business on this. And if you think he won’t fire people, look no further than former FBI Director, James Comey. This one sentence is really the most substantial statement in the entire Executive Order. There is more there, though, and over the next several months I will try to peel apart the layers of the order in more detail.

But you already know, that you should be modernizing antiquated IT infrastructure for starters. And as products age out of support, it becomes impossible to patch known vulnerabilities, not to mention losing the efficiencies of more current solutions. If your modernization efforts currently includes threat intelligence products that can detect anomalous behavior at the network’s edge, you’re moving in the right direction to detect ever growing attacks against aging infrastructure (the new low-hanging fruit).

Trump speaking

President Donald Trump signed an executive order urging a risk model for cybersecurity.

So now, the president has turned a commonly accepted practice in corporate America, namely executive accountability for cybersecurity incidents, into a defined directive for the entire Federal Government. And the president clearly doesn’t have any issues with holding leaders directly accountable for their inaction and has given clear indications of his expectations.

If you haven’t started already, you should immediately begin planning on phasing out all unsupported equipment and suspected grey market products to insure maximum ability to maintain a currently supported infrastructure capable of vulnerability maintenance.

The mandate has been provided in clear terms and nobody should be surprised if excuses are no longer accepted.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Great post Andrew. As a friend of mine says “It’s intuitively obvious to even the casual observer”, but, sadly, some may need to have your observations proven to them. The astute will heed your words.

  2. Great stuff, Andrew!