President Trump's cybersecurity executive order to hold federal agencies accountable

President Trump took aim at the federal government’s vulnerability to computer hacking Thursday, signing an executive order that mandates a top-down review of cybersecurity and holds agencies accountable for safeguarding digital information.

The executive order states that it will "hold heads of executive departments and agencies accountable for managing cybersecurity risk to their enterprises." White House Homeland Security Adviser Tom Bossert, speaking at the White House press briefing, said the White House took the action because online vulnerabilities at the agency level can put the nation at risk.

“The United States invented the Internet and we need to better use it,” Bossert said. “There will always be risk and we need to address that risk.”

"It’s exactly what we expected from Trump, and exactly what cybersecurity needs now.”

— Jake Olcott, BitSight

The order seeks to improve the network securities of U.S. government agencies and protect critical infrastructure, like the energy grid and financial sector, from attacks that lawmakers and officials have warned could pose a major national security threat. It follows a turbulent election year in which Russia and other entities were accused of meddling in the U.S. election.

But Sen. John McCain, R-Ariz., said the executive order was not needed.

"While I appreciate the President's interest in better understanding out capabilities and challenges in cyberspace as outlined in his Executive Order on Cybersecurity, the fact is that the challenges we confront are well known and well documented," McCain said in a statement on Thursday. "We do not need more assessments, reports, and reviews. We need policy, strategy, and the resources to carry them out."

But according to Jake Olcott, vice president at BitSight, a private-sector security ratings and risk assessment company,  the order provides for much-needed protection of critical data.

“Trump’s cybersecurity executive order is smart policy and a big win for this administration," said Olcott, a former legal adviser to the Senate Commerce Committee and counsel to the House of Representatives Homeland Security Committee. "The initiatives being put forth will help to bring the United States federal government and its agencies into the 21st century when it comes to protecting data and systems."

Trump signed the order to "keep his promise" to safeguard Americans in cyberspace, Bossert said. During the presidential campaign, Trump promised to appoint a team to create a cybersecurity plan within his first 90 days in office.

"I think the trend is going in the wrong direction in cyber space," Bossert said. "It's time to stop that and reverse it on behalf of the American people. We've seen increasing attacks, and sitting by and doing nothing isn't an option."

Bossert rejected the notion that the sole impetus for the move was the Russian allegations.

“Russians are not the only people that operate negatively on the Internet,” Bossert said. “Others do this, too.

"No, it wasn't a Russian motivated issue,” he added. “It was a U.S.A.-motivated issue."

Bossert noted that there have been numerous bipartisan cybersecurity studies and recommendations over the past eight years, and said the order signed Thursday "addresses, and includes, the best and the brightest of them."

In January, one task force of bipartisan lawmakers, chaired by House Homeland Security Chairman Michael McCaul, R-Texas, released a report with cybersecurity recommendations for the Trump administration.

“A silent war is waged against us in cyber space –if we don’t shape it, it will be shaped against us,” McCaul said. “Every person in this room is a target and the phones in your pocket are the battle space –and the enemy is winning.”

The executive order calls for a comprehensive review of the government and private sector cybersecurity, and establishment of a plan for protecting digital networks that store sensitive data. It includes specific cybersecurity directives for government agencies, including requiring each agency head  to adopt a uniform set of standards laid out by the National Institute of Standards and Technology.

"By focusing on executive-level accountability, securing the third-party ecosystem and developing a market-based approach to securing critical infrastructure, the executive order brings some of the best initiatives from the private sector and applies them to the government," said Olcott. "It’s exactly what we expected from Trump, and exactly what cybersecurity needs now.”

The order also calls for a study of the threat posed by “botnets,” which hackers use to overwhelm targeted servers.

Fox News' Chris Ciaccia contributed to this report