Thursday, February 16, 2017

Confusing the two Trump cybersecurity executive orders

In Andy Greenberg's Wired article on February 9, 2017, "Trump Cybersecurity Chief Could Be a 'Voice of Reason,'" he writes:
But when Trump’s draft executive order on cybersecurity emerged last week, it surprised the cybersecurity world by hewing closely to the recommendations of bipartisan experts—including one commission assembled by the Obama administration.
The described timing and the link both refer to the original draft cybersecurity executive order, which does not at all resemble the recommendations of Obama's Commission on Enhancing National Cybersecurity or the recommendations of the Center for Strategic and International Studies Cyber Policy Task Force, which both included input from large numbers of security experts. Contrary to what Greenberg says, the executive order he refers to was widely criticized on a number of grounds, including that it is incredibly vague and high level, specifies an extremely short time frame for its reviews, and that it seemed to think it was a good idea to collect information about major U.S. vulnerabilities and defenses into one place and put it into the hands of then-National Security Advisor Michael T. Flynn. That original version of the executive order resembled the Trump campaign's website policy proposal on cybersecurity.

The positive remarks, instead, were for a revised version of the cybersecurity executive order which was verbally described to reporters on the morning of January 31, the day that the signing of the order was expected to happen at 3 p.m., after Trump met for a listening session with security experts. The signing was cancelled, and the order has not yet been issued, but a draft subsequently got some circulation later in the week and was made public at the Lawfare blog on February 9.

This executive order contains recommendations consistent with both the Cybersecurity Commission report and the CSIS Cyber Policy Task Force report: mandating the use of the NIST Cybersecurity Framework by federal agencies, putting the Office of Management and Budget (OMB) in charge of enterprise risk assessment across agencies, promoting IT modernization and the use of cloud and shared-services infrastructure, and directing DHS and other agency heads to work with private sector critical infrastructure owners on defenses.

One key thing it does not do, which was recommended by both reports, is elevate the White House cybersecurity coordinator role (a role which the Trump administration has not yet filled, which was held by Michael Daniel in the Obama administration) to an Assistant to the President, reflecting the importance of cybersecurity. Greenberg's piece seems to assume that Thomas Bossert is in the lead cybersecurity coordinator role, but his role is Homeland Security Advisor (the role previously held by Lisa Monaco in the Obama administration), with broad responsibility for homeland security and counterterrorism, not cybersecurity-specific.

Although Greenberg's error confusing the two executive orders was pointed out to him on Twitter on February 9, the article had not been corrected as of February 16.

Sunday, January 01, 2017

Books read in 2016

Not much blogging going on here still, but here's my annual list of books read for 2016. Items with hyperlinks are linked directly to the item online (usually PDF, some of these are reports rather than books), with no paywall or fee.
  • Andreas Antonopoulos, The Internet of Money
  • Herbert Asbury, The Gangs of New York: An Informal History of the Underworld
  • Rob Brotherton, Suspicious Minds: Why We Believe Conspiracy Theories
  • Center for Cyber & Homeland Security, Into the Gray Zone: The Private Sector and Active Defense Against Cyber Threats
  • Michael D'Antonio, Never Enough: Donald Trump and the Pursuit of Success
  • Henning Diedrich, Ethereum: Blockchains, Digital Assets, Smart Contracts, Decentralized Autonomous Organizations
  • Martin Ford, Rise of the Robots: Technology and the Threat of a Jobless Future
  • Emma A. Jane and Chris Fleming, Modern Conspiracy: The Importance of Being Paranoid
  • Roger Z. George and James B. Bruce, editors, Analyzing Intelligence: Origins, Obstacles, and Innovations
  • Peter Gutmann, Engineering Security
  • House Homeland Security Committee, Going Dark, Going Forward: A Primer on the Encryption Debate
  • Dr. Rob Johnston, Analytic Culture in the U.S. Intelligence Community: An Ethnographic Study
  • R.V. Jones, Most Secret War
  • Fred Kaplan, Dark Territory: The Secret History of Cyber War
  • Maria Konnikova, The Confidence Game: Why We Fall for It...Every Time
  • Adam Lee, hilarious blog commentary on Atlas Shrugged
  • Deborah Lipstadt, Denying the Holocaust: The Growing Assault on Truth and Memory
  • Dan Lyons, Disrupted: My Misadventure in the Startup Bubble
  • Geoff Manaugh, A Burglar's Guide to the City
  • Felix Martin, Money: The Unauthorized Biography--From Coinage to Cryptocurrencies
  • Nathaniel Popper, Digital Gold: Bitcoin and the Inside Story of the Misfits and Millionaires Trying to Reinvent Money
  • John Allen Paulos, A Numerate Life: A Mathematician Explores the Vagaries of Life, His Own and Probably Yours
  • Mary Roach, Grunt: The Curious Science of Humans at War
  • Jon Ronson, The Elephant in the Room: A Journey into the Trump Campaign and the "Alt-Right"
  • Oliver Sacks, On the Move: A Life
  • Luc Sante, Low Life: Lures and Snares of Old New York
  • Adam Segal, The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age
  • Steve Silberman, NeuroTribes: The Legacy of Autism and the Future of Neurodiversity
  • Richard Stiennon, There Will Be Cyberwar: How the Move to Network-Centric War Fighting Has Set the Stage for Cyberwar
  • Russell G. Swenson, editor, Bringing Intelligence About: Practitioners Reflect on Best Practices
  • U.S. Army Special Operations Command, "Little Green Men": A Primer on Modern Russian Unconventional Warfare, Ukraine, 2013-2014
  • Joseph E. Uscinski and Joseph M. Parent, American Conspiracy Theories
  • Paul Vigna and Michael J. Casey, The Age of Cryptocurrency: How Bitcoin and the Blockchain Are Challenging the Global Economic Order
I made progress on a few other books (first four from 2016, one from 2015, next three from 2014, next three from 2013, last two still not finished from 2012--I have trouble with e-books, especially very long nonfiction e-books):
  • Andreas Antonopoulos, Mastering Bitcoin: Unlocking Digital Cryptocurrencies
  • Robert M. Gates, Duty: Memoirs of a Secretary at War
  • Jocelyn Godwin, Upstate Cauldron: Eccentric Spiritual Movements in Early New York State
  • Thomas Rid, Rise of the Machines: A Cybernetic History
  • John Searle, Making the Social World
  • Andrew Jaquith, Security Metrics: Replacing Fear, Uncertainty, and Doubt
  • Massimo Pigliucci and Maarten Boudry, Philosophy of Pseudoscience: Reconsidering the Demarcation Problem
  • Steven Pinker, The Sense of Style: The Thinking Person's Guide to Writing in the 21st Century
  • Richard Bejtlich, The Practice of Network Security Monitoring
  • James Grimmelmann, Internet Law: Cases & Problems (v2; v3 is out now)
  • Douglas Hofstadter and Emmanuel Sander, Surfaces and Essences: Analogy as the Fuel and Fire of Thinking
  • Mark Dowd, John McDonald, and Justin Schuh, The Art of Software Security Assessment: Identifying and Avoiding Software Vulnerabilities
  • Michal Zalewski, The Tangled Web: A Guide to Securing Modern Web Applications
Top ten for 2016: Sacks, Silberman, Jane & Fleming, Konnikova, Manaugh, Lyons, Popper, Uscinski & Parent, Jones, Lipstadt.

(Previously: 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005.)