The single best thing about the cybersecurity order signed this week by President Donald Trump is that it clearly makes the head of each government agency responsible for cybersecurity. Instead of appointing a cybersecurity czar who would have little to no authority, the order makes it clear that the head of each agency should, at the very least, know where and how their agency is vulnerable to cybersecurity attacks.
The single worst thing about the order is that all it asks those agency heads to do is file a report about the status of their cybersecurity efforts in accordance with the cybersecurity framework created by the National Institute of Standards and Technology (NIST). The NIST framework doesn’t provide any recommendations for how to solve cybersecurity issues. Rather, it basically tells organizations what they should be keeping track of in order to better discover those issues.