Trump administration officials have issued new guidance on cybersecurity, but the president is facing another major obstacle in his efforts to enact an executive order: Congressional Democrats.
The administration on Tuesday issued a new rule for how to handle private companies, which requires that all businesses must get approval from the Department of Homeland Security before using data collected from their systems.
The DHS’s guidance is the latest in a series of rules issued by the Trump administration to help companies address cybersecurity issues.
The guidance issued Tuesday is the most sweeping so far, requiring companies to have a full and complete plan to implement a cybersecurity strategy for the entire business, including how to protect themselves from cyberattacks.
The guidelines say companies should identify “any vulnerabilities” in their systems and “include a timeline to fix those vulnerabilities,” as well as “any other information necessary to evaluate the risk posed by any vulnerabilities.”
The DHS also said companies should consider cybersecurity vulnerabilities “within a reasonable timeframe” and that companies should have a plan to mitigate the potential for the vulnerabilities to become exploited by others.
“These guidance should not be interpreted to mean that the Department does not take the safety and security of our customers and employees very seriously,” the DHS said in the guidance.
“The guidance will ensure that companies have clear processes to mitigate risks that could be exploited by outside actors.”
But Democrats blasted the guidance, saying it would do little to prevent cyberattacks from taking place and would instead “lose the war on cyber and weaken our cyber defenses.”
Democrats also argued that the new guidance only applies to a small group of companies and that the administration should have given more weight to private sector cybersecurity.
The White House also issued a statement saying the DHS guidance would only help companies “better protect themselves against potential threats.”
“The government has repeatedly made clear that the government cannot regulate cybersecurity without considering the full range of threats to our cybersecurity and our national security,” White House press secretary Josh Earnest said.
“In this new guidance, the administration has done just that.
We’ve said that we will take steps to strengthen our cybersecurity infrastructure, and that includes new rules to better protect against cyberattacks.”
The new guidance was the latest of several issued by Trump administration agencies to try to improve cybersecurity, including an executive action last month to make it easier for companies to get approval for cybersecurity policies and rules.
The order requires companies to create plans to address vulnerabilities in their data collection and use.
The rules will also require companies to establish “cyber-ready” cybersecurity strategies.
The Trump administration said Tuesday that companies must be able to demonstrate to the Department that their plans will “prevent and respond to a wide range of cybersecurity threats” by December 31.
“This is an order for the federal government, not a new federal regulation, and this is not the time for us to be in a position of creating rules,” Earnest told reporters.
“It is important that the companies that are going to have to develop plans to protect against this attack, as well, are able to do so with this new set of rules, which is consistent with the rule of law.”
The order also says companies can “apply for a special authorization from DHS for use of their systems to conduct cybersecurity research and analysis to meet national security requirements, including protecting against cyber attacks.”