Presidential Executive Order 13800 focuses on many key areas that are integral to building and maintaining a successful Insider Threat Program. Some of these critical components include establishing: clear objectives, goals, executive-level participants from key divisions, timeframes and justifications.
The White House announced Presidential Executive Order 13800 on May 11, 2017. This order focuses on the Cybersecurity of Federal Networks, Cybersecurity of Critical Infrastructure, and Cybersecurity of the United States. Many of these provisions are expanding upon policies recommended by the Obama administration. Several sections of the Executive Order mandate components that focus on external threats yet are integral to a successful Insider Threat Program.
Section 1: Cybersecurity of Federal Networks
Successful Insider Threat Programs feature a team comprised of senior level executives from IT, Security, Finance, Legal and Human Resources departments.
- Similar to this, section (b), (v) of Section 1 requires Agency heads to lead integrated teams of senior executives with expertise in IT, security, budgeting, acquisition, law, privacy and human resources for effective risk management.
As part of an effective Insider Threat Program, clear objectives must be established to leverage and maximize use of current security programs, capital and understanding of risk appetite. Initial steps in building an Insider Threat Program also include establishing goals, timeframes and justifications.
- The Executive Order incorporates all of these items. For example, deliverables in Section 1 include agency risk management reports from the heads of each Agency outlining a cybersecurity risk-management strategy submitted to the Secretary of Homeland Security and the Director of the Office of Management and Budget.The Executive Order states the Secretary of Homeland Security and Director of the Office of Management and Budget must then make recommendations addressing inadequacies, budgetary needs and a process for assessing unmet budgetary needs to effectively manage risk. They must also offer suggestions for reconciling and reissuing policies, standards and guidelines to align with the NIST Cybersecurity Framework.
Section 2: Cybersecurity of Critical Infrastructure
As part of the Development Phase of an Insider Threat Program, team members must assess risk, develop an action plan, develop policy and governance and obtain support. Section 2 of the Executive Order specifies the different types of risk, action plans, policies and how the executive branch of the government will support the cybersecurity risk management efforts of the Nation’s critical infrastructure. This includes support to critical infrastructure with the greatest risk and supporting transparency in the marketplace.
For example, Section 2 requires a plan of action from the Secretary of Defense, the Secretary of Homeland Security and the Director of the FBI addressing prolonged power outages that may result from cybersecurity attacks.
Section 3: Security of the Nation
One of the most effective components of an Insider Threat Program is employee training and education. Section 3 (d), of the Executive Order discusses workforce development to ensure the United States maintains a long-term cybersecurity advantage. From the Executive Order, “jointly assess the scope and sufficiency of efforts to educate and train the American cybersecurity workforce of the future, including cybersecurity-related education curricula, training, and apprenticeship programs, from primary through higher education…”
Presidential Executive Order 13800 focuses on many key areas that are integral to building and maintaining a successful Insider Threat Program.
This includes establishing: clear objectives, goals, executive-level participants from key divisions, timeframes and justifications.
Perhaps most important, much like education is a key component to a successful Insider Threat Program, the Executive Order includes a provision to educate the workforce to maintain long-term cybersecurity advantages.