By the time President Trump signed his Cybersecurity Executive Order on May 11, it had taken on a mythic air. The administration had produced a series of drafts soon after the inauguration that leaked, circulated, provoked criticism, and motivated refinements. While the months-long wait for the final product felt Godot-like, it ultimately received bipartisan praise for its thoughtfulness. But now, more than 110 days since the clock started, eight deadlines have passed, with eight more quickly approaching.
Planning and information-gathering matters, but experts caution that for the EO to succeed long-term, it needs to exit this phase as quickly as possible. Beginning the urgent, proactive work of implementing a robust national cybersecurity posture and defending critical infrastructure can't wait, as destabilizing cyberattacks like the WannaCry and NotPetya ransomware outbreaks showed this summer.