Today, on his last full day in office as President of the United States, Donald Trump took further action against malicious cyber-enabled activities with regard to previous Executive Order 13694, penned in April of 2015. The original order blocked the property of certain persons engaging in significant malicious cyber-enabled activities.
This is really good news because the newest order extends to address the misuse of US Infrastructure as a Service (IaaS) products by foreign malicious cyber actors. IaaS products provide the ability to run software and store data on servers offered for rent or lease without responsibility for the maintenance and operating costs of those servers; it’s essentially renting infrastructure, which is something that is becoming increasingly more popular with enterprises worldwide (AWS comes to mind, and so does Dominion Voting Systems).
The new executive order will aid in the prevention of further interference in United States critical infrastructure as a service technology by foreign actors and sets aside timelines for reporting back to the President that appropriate security measures have been taken to secure United States IaaS services as they relate to critical infrastructure.
This is a win for cybersecurity as it relates to the national security of United States and applies in so many ways as the infrastructure of the country evolves and becomes further digitized. By providing requirements to identify foreign actors that purchase IaaS solutions and by providing guidance for a reporting system that includes maintaining and securing data that is going outside of the US, we can save a lot of headache where foreign actors might delete or damage data and evidence of wrongdoing.
This is one executive order that must stand moving forward to give the country a stronger and more secure digital future. Nice work, Mr. President.