Cybersecurity EO postponement: Lessons learned from immigration EO?

Mystery solved? The White House had announced that Donald Trump would sign an executive order on cybersecurity that would, among other new policies, move the executive responsibilities for the effort into the White House itself. The signing ceremony got postponed without much explanation, and it appeared that Trump and his team decided to take a little more time to mull over their new directives.

On Morning Joe, host Joe Scarborough told his panel that his contacts in the administration say that they’re proceeding more carefully after the chaos and controversy created by the rollout of their immigration EO five days ago:

JOE SCARBOROUGH: It’s very interesting — yeah, the staging, like we said, was horrific earlier on the Stephen Miller stuff and pehaps the Bannon stuff —

MIKA BRZEZINSKI: Because things like government got in the way.

JS: In this case, though, I was talking to the White House yesterday. Not really pleasant phone calls, but picked up in my reporting that the president and others said we’re going to do this in a very organized, meticulous way, and what happened over the weekend is not going to happen again.

That would be a good reason to take it a little slower. CNN Money reports, however, that the delay may be more significant. Instead of signing the order, Trump met with his senior advisers and the head of the NSA, and perhaps a different structure may emerge than first envisioned:

The president was expected to sign the mandate Tuesday. But instead Trump met with NSA director Admiral Mike Rogers, senior adviser Jared Kushner, chief strategist Steve Bannon and other national security officials to discuss it.

The executive order on cybersecurity seeks to consolidate responsibility for protecting the government from hackers. Right now, every agency is in charge of defending itself. This has caused years of consternation for the White House and agencies like Homeland Security, as each agency has different IT practices and exerts jurisdiction over its own networks.

But Trump intends to give ultimate responsibility for protecting the federal government’s computers to the White House’s budget and management office, according to a senior administration official.

That may not sit well with DHS, which under the last administration sought to position itself as the protector of federal networks.

However, Trump also promised that if any federal agency gets hacked, the blame would fall squarely on that agency’s top official.

That kind of accountability might be tougher to implement inside the White House than at DHS or the Department of Justice. Firing one’s own close adviser for failures reflects more closely on the president than cashiering an undersecretary at a federal agency. On the other hand, putting DHS in charge of everyone else’s computers puts them above their co-equal agencies in a very real manner and creates the potential for a lot of political sniping and all-out wars between bureaucracies.

In that context, it makes more sense to keep it in the White House, but that also brings up issues about the skill levels and competence needed for success — and we’re back at accountability again. It’s not exactly for nothing that previous administrations made each Cabinet department responsible for their own cybersecurity.

There are lots of good reasons to slow down and make sure all bases are covered on this policy before issuing an EO that could make things worse. Better to make sure that all of the stakeholders have had an opportunity to participate on the new policy and are ready to execute it in an orderly fashion before publishing it over the president’s signature. If the White House learned that lesson from last weekend’s botched execution of a reasonable policy, then so much the better for their future.