Thursday, February 16, 2017

Confusing the two Trump cybersecurity executive orders

In Andy Greenberg's Wired article of February 9, 2017, "Trump Cybersecurity Chief Could Be a 'Voice of Reason'," he writes:
But when Trump’s draft executive order on cybersecurity emerged last week, it surprised the cybersecurity world by hewing closely to the recommendations of bipartisan experts—including one commission assembled by the Obama administration.
The described timing and the link both refer to the original draft cybersecurity executive order, which does not at all resemble the recommendations of Obama's Commission on Enhancing National Cybersecurity or the recommendations of the Center for Strategic and International Studies (CSIS) Cyber Policy Task Force, both of which included input from large numbers of security experts. Contrary to what Greenberg says, the executive order he refers to was widely criticized on a number of grounds, including that it is incredibly vague and high-level, that it specifies an extremely short time frame for its reviews, and that it seemed to think it was a good idea to collect information about major U.S. vulnerabilities and defenses into one place and put it into the hands of then-National Security Advisor Michael T. Flynn. That original version of the executive order resembled the Trump campaign's website policy proposal on cybersecurity.

The positive remarks, instead, were for a revised version of the cybersecurity executive order which was verbally described to reporters on the morning of January 31, the day that the signing of the order was expected to happen at 3 p.m., after Trump met for a listening session with security experts. The signing was cancelled, and the order has not yet been issued, but a draft subsequently got some circulation later in the week and was made public at the Lawfare blog on February 9.

This executive order contains recommendations consistent with both the Cybersecurity Commission report and the CSIS Cyber Policy Task Force report: mandating the use of the NIST Cybersecurity Framework by federal agencies, putting the Office of Management and Budget (OMB) in charge of enterprise risk assessment across agencies, promoting IT modernization and cloud and shared-services infrastructure, and directing DHS and other agency heads to work with private sector critical infrastructure owners on defenses.

One key thing it does not do, which was recommended by both reports, is elevate the White House cybersecurity coordinator role (a role which the Trump administration has not yet filled, and which was held by Michael Daniel in the Obama administration) to an Assistant to the President, reflecting the importance of cybersecurity. Greenberg's piece seems to assume that Thomas Bossert is in the lead cybersecurity coordinator role, but his role is Homeland Security Advisor (the role previously held by Lisa Monaco in the Obama administration), with broad responsibility for homeland security and counterterrorism, not cybersecurity specifically.

Although Greenberg's error of confusing the two executive orders was pointed out to him on Twitter on February 9, the article has not been corrected as of February 16.

Sunday, January 01, 2017

Books read in 2016

Not much blogging going on here still, but here's my annual list of books read for 2016. Items with hyperlinks are linked directly to the item online (usually PDF, some of these are reports rather than books), with no paywall or fee.
  • Andreas Antonopoulos, The Internet of Money
  • Herbert Asbury, The Gangs of New York: An Informal History of the Underworld
  • Rob Brotherton, Suspicious Minds: Why We Believe Conspiracy Theories
  • Center for Cyber & Homeland Security, Into the Gray Zone: The Private Sector and Active Defense Against Cyber Threats
  • Michael D'Antonio, Never Enough: Donald Trump and the Pursuit of Success
  • Henning Diedrich, Ethereum: Blockchains, Digital Assets, Smart Contracts, Decentralized Autonomous Organizations
  • Martin Ford, Rise of the Robots: Technology and the Threat of a Jobless Future
  • Emma A. Jane and Chris Fleming, Modern Conspiracy: The Importance of Being Paranoid
  • Roger Z. George and James B. Bruce, editors, Analyzing Intelligence: Origins, Obstacles, and Innovations
  • Peter Gutmann, Engineering Security
  • House Homeland Security Committee, Going Dark, Going Forward: A Primer on the Encryption Debate
  • Dr. Rob Johnston, Analytic Culture in the U.S. Intelligence Community: An Ethnographic Study
  • R.V. Jones, Most Secret War
  • Fred Kaplan, Dark Territory: The Secret History of Cyber War
  • Maria Konnikova, The Confidence Game: Why We Fall for It...Every Time
  • Adam Lee, hilarious blog commentary on Atlas Shrugged
  • Deborah Lipstadt, Denying the Holocaust: The Growing Assault on Truth and Memory
  • Dan Lyons, Disrupted: My Misadventure in the Startup Bubble
  • Geoff Manaugh, A Burglar's Guide to the City
  • Felix Martin, Money: The Unauthorized Biography--From Coinage to Cryptocurrencies
  • Nathaniel Popper, Digital Gold: Bitcoin and the Inside Story of the Misfits and Millionaires Trying to Reinvent Money
  • John Allen Paulos, A Numerate Life: A Mathematician Explores the Vagaries of Life, His Own and Probably Yours
  • Mary Roach, Grunt: The Curious Science of Humans at War
  • Jon Ronson, The Elephant in the Room: A Journey into the Trump Campaign and the "Alt-Right"
  • Oliver Sacks, On the Move: A Life
  • Luc Sante, Low Life: Lures and Snares of Old New York
  • Adam Segal, The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age
  • Steve Silberman, NeuroTribes: The Legacy of Autism and the Future of Neurodiversity
  • Richard Stiennon, There Will Be Cyberwar: How the Move to Network-Centric War Fighting Has Set the Stage for Cyberwar
  • Russell G. Swenson, editor, Bringing Intelligence About: Practitioners Reflect on Best Practices
  • U.S. Army Special Operations Command, "Little Green Men": A Primer on Modern Russian Unconventional Warfare, Ukraine, 2013-2014
  • Joseph E. Uscinski and Joseph M. Parent, American Conspiracy Theories
  • Paul Vigna and Michael J. Casey, The Age of Crypto Currency: How Bitcoin and the Blockchain Are Challenging the Global Economic Order
I made progress on a few other books (first four from 2016, one from 2015, next three from 2014, next three from 2013, last two still not finished from 2012--I have trouble with e-books, especially very long nonfiction e-books):
  • Andreas Antonopoulos, Mastering Bitcoin: Unlocking Digital Cryptocurrencies
  • Robert M. Gates, Duty: Memoirs of a Secretary at War
  • Jocelyn Godwin, Upstate Cauldron: Eccentric Spiritual Movements in Early New York State
  • Thomas Rid, Rise of the Machines: A Cybernetic History
  • John Searle, Making the Social World
  • Andrew Jaquith, Security Metrics: Replacing Fear, Uncertainty, and Doubt
  • Massimo Pigliucci and Maarten Boudry, Philosophy of Pseudoscience: Reconsidering the Demarcation Problem
  • Steven Pinker, The Sense of Style: The Thinking Person's Guide to Writing in the 21st Century
  • Richard Bejtlich, The Practice of Network Security Monitoring
  • James Grimmelmann, Internet Law: Cases & Problems (v2; v3 is out now)
  • Douglas Hofstadter and Emmanuel Sander, Surfaces and Essences: Analogy as the Fuel and Fire of Thinking
  • Mark Dowd, John McDonald, and Justin Schuh, The Art of Software Security Assessment: Identifying and Avoiding Software Vulnerabilities
  • Michal Zalewski, The Tangled Web: A Guide to Securing Modern Web Applications
Top ten for 2016: Sacks, Silberman, Jane & Fleming, Konnikova, Manaugh, Lyons, Popper, Uscinski & Parent, Jones, Lipstadt.

(Previously: 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005.)

Friday, January 01, 2016

Books read in 2015

Not much blogging going on here lately, but here's my annual list of books read for 2015:
  • George A. Akerlof and Robert J. Shiller, Phishing for Phools: The Economics of Manipulation & Deception
  • Jeffrey S Bardin, The Illusion of Due Diligence: Notes from the CISO Underground
  • Bill Browder, Red Notice: A True Story of High Finance, Murder, and One Man's Fight for Justice
  • Ron Chernow, Alexander Hamilton
  • Gabriella Coleman, Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous
  • Karen Dawisha, Putin's Kleptocracy: Who Owns Russia?
  • Laura DeNardis, The Global War for Internet Governance
  • Daniel C. Dennett and Linda LaScola, Caught in the Pulpit: Leaving Belief Behind
  • Mary Douglas and Aaron Wildavsky, Risk and Culture: An Essay on the Selection of Technological and Environmental Dangers
  • William J. Drake and Monroe Price, editors, Internet Governance: The NETmundial Roadmap
  • Jon Friedman and Mark Bouchard, Definitive Guide to Cyber Threat Intelligence
  • Marc Goodman, Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It
  • Marc Hallet, A Critical Appraisal of George Adamski: The Man Who Spoke to the Space Brothers
  • Shane Harris, @War: The Rise of the Military-Internet Complex
  • Peter T. Leeson, The Invisible Hook: The Hidden Economics of Pirates
  • Reed Massengill, Becoming American Express: 150 Years of Reinvention and Customer Service
  • James Andrew Miller and Tom Shales, Live From New York: The Complete, Uncensored History of Saturday Night Live, as Told By Its Stars, Writers, and Guests (two new chapters)
  • David T. Moore, Critical Thinking and Intelligence Analysis
  • Richard E. Nisbett, Mindware: Tools for Smart Thinking
  • Tony Ortega, The Unbreakable Miss Lovely: How the Church of Scientology Tried to Destroy Paulette Cooper
  • Whitney Phillips, This is Why We Can't Have Nice Things: Mapping the Relationship Between Online Trolling and Mainstream Culture
  • Joseph M. Reagle, Jr., Reading the Comments: Likers, Haters, and Manipulators at the Bottom of the Web
  • Jon Ronson, Lost at Sea: The Jon Ronson Mysteries
  • Jon Ronson, So You've Been Publicly Shamed
  • Bruce Schneier, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
  • P.W. Singer and Allan Friedman, Cybersecurity and Cyberwar: What Everyone Needs to Know
  • David Skarbek, The Social Order of the Underworld: How Prison Gangs Govern the American Penal System
  • Andrei Soldatov and Irina Borogan, The Red Web: The Struggle Between Russia's Digital Dictators and the New Online Revolutionaries
  • Philip E. Tetlock and Dan Gardner, Superforecasting: The Art and Science of Prediction
  • Richard H. Thaler, Misbehaving: The Making of Behavioral Economics
I made progress on a few other books (first two last year, next four from 2014, next three from 2013, last two still not finished from 2012--I have trouble with very long nonfiction e-books):
  • Roger Z. George and James B. Bruce, editors, Analyzing Intelligence: Origins, Obstacles, and Innovations
  • John Searle, Making the Social World
  • Peter Gutmann, Engineering Security
  • Andrew Jaquith, Security Metrics: Replacing Fear, Uncertainty, and Doubt
  • Massimo Pigliucci and Maarten Boudry, Philosophy of Pseudoscience: Reconsidering the Demarcation Problem
  • Steven Pinker, The Sense of Style: The Thinking Person's Guide to Writing in the 21st Century
  • Richard Bejtlich, The Practice of Network Security Monitoring
  • James Grimmelmann, Internet Law: Cases & Problems (v2; v3 is out now)
  • Douglas Hofstadter and Emmanuel Sander, Surfaces and Essences: Analogy as the Fuel and Fire of Thinking
  • Mark Dowd, John McDonald, and Justin Schuh, The Art of Software Security Assessment: Identifying and Avoiding Software Vulnerabilities
  • Michal Zalewski, The Tangled Web: A Guide to Securing Modern Web Applications
Top ten for 2015: Browder, Chernow, Coleman, Ronson (Shamed), Schneier, Phillips, Nisbett, Ortega, Miller and Shales, Thaler. I bought and read Bardin's book because Richard Bejtlich identified it as a "train wreck," and it was.

(Previously: 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005.)