Committed to the First Amendment and OUR Freedom of Speech since 2008
Executive Order on Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities
(b) Within 240 days of the date of this order, the Attorney General and the Secretary of Homeland Security, in coordination with the Secretary, and, as the Attorney General and Secretary of Homeland Security deem appropriate, the heads of other agencies, shall develop and submit to the President a report containing recommendations to encourage:
(i) voluntary information sharing and collaboration, among United States IaaS providers; and
(ii) information sharing between United States IaaS providers and appropriate agencies, including the reporting of incidents, crimes, and other threats to national security, for the purpose of preventing further harm to the United States.
(c) The report and recommendations provided under subsection (b) of this section shall consider existing mechanisms for such sharing and collaboration, including the Cybersecurity Information Sharing Act (6 U.S.C. 1503 et seq.), and shall identify any gaps in current law, policy, or procedures. The report shall also include:
(i) information related to the operations of foreign malicious cyber actors, the means by which such actors use IaaS products within the United States, malicious capabilities and tradecraft, and the extent to which persons in the United States are compromised or unwittingly involved in such activity;
(ii) recommendations for liability protections beyond those in existing law that may be needed to encourage United States IaaS providers to share information among each other and with the United States Government; and
(iii) recommendations for facilitating the detection and identification of Accounts and activities that involve foreign malicious cyber actors.
Sec. 4. Ensuring Sufficient Resources for Implementation. The Secretary, in consultation with the heads of such agencies as the Secretary deems appropriate, shall identify funding requirements to support the efforts described in this order and incorporate such requirements into its annual budget submissions to the Office of Management and Budget.
Sec. 5. Definitions. For the purposes of this order, the following definitions apply:
(a) The term "entity" means a partnership, association, trust, joint venture, corporation, group, subgroup, or other organization;
(b) The term "foreign jurisdiction" means any country, subnational territory, or region, other than those subject to the civil or military jurisdiction of the United States, in which any person or group of persons exercises sovereign de facto or de jure authority, including any such country, subnational territory, or region in which a person or group of persons is assuming to exercise governmental authority whether such a person or group of persons has or has not been recognized by the United States;
(c) The term "foreign person" means a person that is not a United States person;
(d) The term "Infrastructure as a Service Account" or "Account" means a formal business relationship established to provide IaaS products to a person in which details of such transactions are recorded.
(e) The term "Infrastructure as a Service Product" means any product or service offered to a consumer, including complimentary or "trial" offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications. The consumer typically does not manage or control most of the underlying hardware but has control over the operating systems, storage, and any deployed applications. The term is inclusive of "managed" products or services, in which the provider is responsible for some aspects of system configuration or maintenance, and "unmanaged" products or services, in which the provider is only responsible for ensuring that the product is available to the consumer. The term is also inclusive of "virtualized" products and services, in which the computing resources of a physical machine are split between virtualized computers accessible over the Internet (e.g., "virtual private servers"), and "dedicated" products or services in which the total computing resources of a physical machine are provided to a single person (e.g., "bare-metal" servers);
(f) The term "malicious cyber-enabled activities" refers to activities, other than those authorized by or in accordance with United States law that seek to compromise or impair the confidentiality, integrity, or availability of computer, information, or communications systems, networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon;
(g) The term "person" means an individual or entity;
(h) The term "Reseller Account" means an Infrastructure as a Service Account established to provide IaaS products to a person who will then offer those products subsequently, in whole or in part, to a third party.
(i) The term "United States Infrastructure as a Service Product" means any Infrastructure as a Service Product owned by any United States person or operated within the territory of the United States of America;
(j) The term "United States Infrastructure as a Service Provider" means any United States Person that offers any Infrastructure as a Service Product;
(k) The term "United States person" means any United States citizen, lawful permanent resident of the United States as defined by the Immigration and Nationality Act, entity organized under the laws of the United States or any jurisdiction within the United States (including foreign branches), or any person located in the United States;
Sec. 6. Amendment to Reporting Authorizations. Section (9) of Executive Order 13694, as amended, is further amended to read as follows:
"Sec. 9. The Secretary of the Treasury, in consultation with the Secretary of State, the Attorney General, and the Secretary of Commerce, is hereby authorized to submit the recurring and final reports to the Congress on the national emergency declared in this order, consistent with section 401(c) of the NEA (50 U.S.C. 1641(c)) and section 204(c) of IEEPA (50 U.S.C. 1703(c))."
Sec. 7. General Provisions. (a) The Secretary, in consultation with the heads of such other agencies as the Secretary deems appropriate, is hereby authorized to take such actions, including the promulgation of rules and regulations, and employ all powers granted to the President by IEEPA as may be necessary to carry out the purposes of this order. The Secretary may redelegate any of these functions to other officers within the Department of Commerce, consistent with applicable law. All departments and agencies of the United States Government are hereby directed to take all appropriate measures within their authority to carry out the provisions of this order.
(b) Nothing in this order shall be construed to impair or otherwise affect:
(i) the authority granted by law to an executive department or agency, or the head thereof; or
(ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.
(c) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.
(d) Nothing in this order prohibits or otherwise restricts authorized intelligence, military, law enforcement, or other activities in furtherance of national security or public safety activities.
(e) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
DONALD J. TRUMP
You can visit a collection of all White House posts by clicking here.
Go Back
(i) voluntary information sharing and collaboration, among United States IaaS providers; and
(ii) information sharing between United States IaaS providers and appropriate agencies, including the reporting of incidents, crimes, and other threats to national security, for the purpose of preventing further harm to the United States.
(c) The report and recommendations provided under subsection (b) of this section shall consider existing mechanisms for such sharing and collaboration, including the Cybersecurity Information Sharing Act (6 U.S.C. 1503 et seq.), and shall identify any gaps in current law, policy, or procedures. The report shall also include:
(i) information related to the operations of foreign malicious cyber actors, the means by which such actors use IaaS products within the United States, malicious capabilities and tradecraft, and the extent to which persons in the United States are compromised or unwittingly involved in such activity;
(ii) recommendations for liability protections beyond those in existing law that may be needed to encourage United States IaaS providers to share information among each other and with the United States Government; and
(iii) recommendations for facilitating the detection and identification of Accounts and activities that involve foreign malicious cyber actors.
Sec. 4. Ensuring Sufficient Resources for Implementation. The Secretary, in consultation with the heads of such agencies as the Secretary deems appropriate, shall identify funding requirements to support the efforts described in this order and incorporate such requirements into its annual budget submissions to the Office of Management and Budget.
Sec. 5. Definitions. For the purposes of this order, the following definitions apply:
(a) The term "entity" means a partnership, association, trust, joint venture, corporation, group, subgroup, or other organization;
(b) The term "foreign jurisdiction" means any country, subnational territory, or region, other than those subject to the civil or military jurisdiction of the United States, in which any person or group of persons exercises sovereign de facto or de jure authority, including any such country, subnational territory, or region in which a person or group of persons is assuming to exercise governmental authority whether such a person or group of persons has or has not been recognized by the United States;
(c) The term "foreign person" means a person that is not a United States person;
(d) The term "Infrastructure as a Service Account" or "Account" means a formal business relationship established to provide IaaS products to a person in which details of such transactions are recorded.
(e) The term "Infrastructure as a Service Product" means any product or service offered to a consumer, including complimentary or "trial" offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications. The consumer typically does not manage or control most of the underlying hardware but has control over the operating systems, storage, and any deployed applications. The term is inclusive of "managed" products or services, in which the provider is responsible for some aspects of system configuration or maintenance, and "unmanaged" products or services, in which the provider is only responsible for ensuring that the product is available to the consumer. The term is also inclusive of "virtualized" products and services, in which the computing resources of a physical machine are split between virtualized computers accessible over the Internet (e.g., "virtual private servers"), and "dedicated" products or services in which the total computing resources of a physical machine are provided to a single person (e.g., "bare-metal" servers);
(f) The term "malicious cyber-enabled activities" refers to activities, other than those authorized by or in accordance with United States law that seek to compromise or impair the confidentiality, integrity, or availability of computer, information, or communications systems, networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon;
(g) The term "person" means an individual or entity;
(h) The term "Reseller Account" means an Infrastructure as a Service Account established to provide IaaS products to a person who will then offer those products subsequently, in whole or in part, to a third party.
(i) The term "United States Infrastructure as a Service Product" means any Infrastructure as a Service Product owned by any United States person or operated within the territory of the United States of America;
(j) The term "United States Infrastructure as a Service Provider" means any United States Person that offers any Infrastructure as a Service Product;
(k) The term "United States person" means any United States citizen, lawful permanent resident of the United States as defined by the Immigration and Nationality Act, entity organized under the laws of the United States or any jurisdiction within the United States (including foreign branches), or any person located in the United States;
Sec. 6. Amendment to Reporting Authorizations. Section (9) of Executive Order 13694, as amended, is further amended to read as follows:
"Sec. 9. The Secretary of the Treasury, in consultation with the Secretary of State, the Attorney General, and the Secretary of Commerce, is hereby authorized to submit the recurring and final reports to the Congress on the national emergency declared in this order, consistent with section 401(c) of the NEA (50 U.S.C. 1641(c)) and section 204(c) of IEEPA (50 U.S.C. 1703(c))."
Sec. 7. General Provisions. (a) The Secretary, in consultation with the heads of such other agencies as the Secretary deems appropriate, is hereby authorized to take such actions, including the promulgation of rules and regulations, and employ all powers granted to the President by IEEPA as may be necessary to carry out the purposes of this order. The Secretary may redelegate any of these functions to other officers within the Department of Commerce, consistent with applicable law. All departments and agencies of the United States Government are hereby directed to take all appropriate measures within their authority to carry out the provisions of this order.
(b) Nothing in this order shall be construed to impair or otherwise affect:
(i) the authority granted by law to an executive department or agency, or the head thereof; or
(ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.
(c) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.
(d) Nothing in this order prohibits or otherwise restricts authorized intelligence, military, law enforcement, or other activities in furtherance of national security or public safety activities.
(e) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
DONALD J. TRUMP
- Contact: White House
- Press Office
Home
Contact
About
Service Rates
Privacy Policy
Follow on Facebook
Subscribe to Newsletters
Rss Feed
Keywords
Eastern NC Now & ENC NOW © Copyright 1998-2024 All Rights Reserved.
