The Federal government will continue to follow Biden-era cybersecurity strategies – including maintaining the current approach to safeguarding critical infrastructure and data – until and unless the Trump administration decides to point priorities in a different direction, a senior cybersecurity official at the State Department said on March 6.
Manuel Medrano, director of the Office of Cyber Monitoring and Operations for the Bureau of Diplomatic Security at the State Department, explained that’s business as usual in change-overs in presidential administrations.
“We are continuing the work because at the end of the day we still need to continue to protect and defend our networks and our data,” Medrano said during an ATARC event.
Unlike with Biden’s AI policies, President Trump has left intact Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by Biden in 2021. The order directed Federal agencies to adopt cloud services and transition to zero trust security architectures to strengthen cybersecurity over the long term.
Under the order, Federal agencies were required to submit updated zero trust implementation plans to the Office of Management and Budget by November 2024. Medrano confirmed that the State Department submitted its plan by that deadline.
Legacy System Modernization Demands Aggressive Deadlines
Medrano also emphasized the need for aggressive deadlines and clear milestones in the ongoing push to modernize legacy systems, which continues to be a challenge across the Federal government.
He explained that at the State Department cybersecurity leaders are making decisive choices to “[move] away from our legacy systems … it’s decisions that we have to make [with] an aggressive deadline and clear milestones to then show that we’re becoming more efficient, and also protecting the data,” Medrano said.
He further explained the challenges of transitioning from legacy systems, stressing the importance of aggressive deadlines and clear milestones to enhance data protection and improve efficiency.
“It’s becoming more of a risk to use these legacy systems, because we’re still so used to protecting everything behind the firewall,” Medrano said. “Moving to new systems is not that difficult. It just requires better coordination, and then you have to make some hard decisions.”
