There has been a lot of buzz about President Trump’s forthcoming executive order on federal cybersecurity. There’s just one problem with the key provision of that order: It’s already been done. From CFR’s Net Politics blog:
In briefings late January, President Trump promised that he would hold agency heads accountable for failures in cybersecurity. He plans to issue an executive order to do that early this month. While on its surface, the idea that executives in both the public and private sector need to be held accountable for cybersecurity, there is just one problem with the approach. It’s already required by law.
The Federal Information Security Modernization Act (FISMA) puts responsibility squarely on the shoulders of agency heads. In July 2015, President Obama showed what that means when Office of Personnel Management Director Katherine Archuleta was forced to step down from her post.