White House Wants to Bake Security Into New IT Projects

President Donald Trump’s top cybersecurity advisor will be pitching in on a government modernization program led by the president’s son-in-law Jared Kushner to ensure security is built into any new government tools from the beginning, he said Monday.

Kushner’s Office of American Innovation has numerous tasks including combating opioid addiction and improving services to veterans but the president put a premium on the office’s government modernization role in early comments.

White House Cybersecurity Coordinator Rob Joyce’s role will be ensuring “that innovation and cybersecurity are intertwined,” he said, and that neither takes a backseat to the other.

Joyce listed securing government networks and technology as one of three main cyber priorities for the Trump administration during a speech at Georgetown University’s International Conference on Cyber Engagement, his first formal address since taking office.

The administration’s other two cyber priorities are securing critical infrastructure and promoting good behavior and rules of the road in international cyberspace, he said.

Those priorities largely jibe with the Obama administration’s policies.

The priorities also will be reflected in a long-delayed cybersecurity executive order, Joyce said. He declined to offer specific details about the order other than to say it will be arriving relatively soon.

The administration wants to “make sure the cybersecurity executive order emerges with the time and attention it needs,” he said, adding “we are very close.”

Trump hopes to develop a “comprehensive enterprise risk management approach” that incorporates the entire federal government, Joyce said.

“We will then be able to evaluate whether, in the aggregate, the federal government’s risk posture is appropriately tailored to the threat environment we’re facing,” he said.

The president also plans to hold top agency heads ultimately accountable for breaches at their agencies, Joyce said, and hopes to ramp up shared services inside government so that smaller and less resourced agencies can rely on the expertise and secure networks of their better-resourced peers.

“How do we ensure the Bureau of Reclamation has the same focus on cybersecurity in their critical infrastructure as the Department of Defense does in their weapons systems? That’s a real challenge,” he said.

The Trump administration also hopes to develop a strategy to deter cyber adversaries such as terrorists and nation-states from attacking U.S. targets, Joyce said. That will include both hardening defenses and making U.S. cyber infrastructure more resilient and also by striking back when attacked.

Those counter strikes may take place in cyberspace but may also rely on diplomacy, economic sanctions or conventional military might, Joyce said.

“We recognize that deterrence also necessitates the development of flexible and immediate, sometimes reversible, responses tailored to key threats and malicious actors,” he said.

The Obama administration described a similar deterrent strategy but was unable to stop adversaries including Russian and China from multiple damaging government data breaches.

Joyce described at length the damage caused by a China-linked breach of sensitive security clearance information about more than 20 million current and former federal employees and their families from the Office of Personnel Management.

He did not address Russia-linked breaches at Democratic political organizations that U.S. intelligence agencies have concluded were aimed at helping Trump’s electoral chances and damaging the chances of Democratic nominee Hillary Clinton.

The FBI and congressional committees are currently investigating those breaches and whether there were any meaningful contacts between Russian intelligence agencies and Trump campaign officials.