Today, President Donald J. Trump signed an Executive Order that closes a longstanding, critical, security loophole for United States Infrastructure as a Service (IaaS) products, one abused by those seeking to harm our country. Building upon the Trump Administration’s unprecedented actions to prevent malign actors from infiltrating our information technology and communication and services (ICTS) supply chains, this Executive Order, “Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities,” reduces malign actors’ access to and ability to use United States ICTS products for nefarious purposes.
Foreign malicious cyber actors threaten our economy and national security through the theft of intellectual property and sensitive data, and by targeting United States critical infrastructure. By gaining access to United States IaaS products, foreign actors can steal the fruits of American innovation and prepare destructive attacks on our Nation’s critical infrastructure with anonymity. Malign actor abuse of United States IaaS products has played a role in every cyber incident during the last four years, including the actions resulting in the penetrations of United States firms FireEye and Solar Winds.
Today’s action by the President is a major step forward in giving our Nation’s network defenders and investigators an advantage in protecting the American people from those wishing to do us harm.