Trump memo expands NSA role in cyber defence
Washington, June 13
US President Donald Trump signed a sweeping national security memorandum that expands the authority of the National Security Agency, restructures oversight of government cyber networks and sets new cybersecurity requirements for systems used by the US military, intelligence agencies and other national security institutions.
The memorandum establishes what the White House described as a new framework for protecting National Security Systems (NSS), saying the United States must be able to conduct military and intelligence operations in "contested cyber environments" while ensuring government personnel have access to secure technology.
"It shall be the policy of the United States Government that these systems be defended to the greatest extent practicable," the memorandum states.
The directive re-establishes the Committee on National Security Systems (CNSS), an interagency body that will coordinate cybersecurity policy across defence, intelligence and civilian agencies that operate national security networks.
The memorandum also designates the Director of the NSA as the National Manager for National Security Systems, giving the agency a central role in identifying cyber threats, setting technical standards and coordinating responses to major cybersecurity incidents.
According to the document, the National Manager will be empowered to "identify emerging threats, advise the CNSS, issue emergency directives, provide authoritative minimum requirements for cryptology and cryptographic systems" and direct technical security measures across government networks.
The new policy replaces two earlier presidential directives, including a 1990 national security directive and a 2022 memorandum on cybersecurity for defence and intelligence systems.
Under the memorandum, agencies operating National Security Systems will be required to comply with cybersecurity directives issued by the CNSS. The committee will also establish baseline security requirements and oversee implementation across government.
The document authorises the CNSS to direct agencies to take specific actions when facing a known or suspected cyber threat, vulnerability or risk. It further states that National Security Systems must meet or exceed cybersecurity standards issued by the National Institute of Standards and Technology, unless alternative standards are approved by the committee.
The NSA will also be responsible for assessing the overall cybersecurity posture of National Security Systems across the federal government, evaluating vulnerabilities, providing technical assistance and coordinating research and development efforts.
In cases involving serious cyber threats, the National Manager will be able to issue emergency directives requiring agencies to take immediate action to protect sensitive networks.
The memorandum sets a series of implementation deadlines. The CNSS must update its governing procedures within 30 days, issue a cybersecurity roadmap within 60 days and review existing cybersecurity policies within 90 days. Agencies will also be required to maintain annual inventories of all National Security Systems under their control.
The order additionally directs federal agencies to strengthen incident reporting procedures and develop more secure cloud computing standards for sensitive government operations.
Cybersecurity has become a growing focus of US national security policy as officials warn of increasingly sophisticated cyber operations by foreign adversaries targeting government networks, defence systems and critical infrastructure.
In recent years, Washington has moved to strengthen cyber defences following a series of high-profile breaches and concerns over the vulnerability of sensitive federal systems. National Security Systems generally include networks used for military operations, intelligence activities and the handling of classified information.
— IANS
Reader Comments
This seems like a sensible consolidation of cyber authority. The US government networks are frequent targets, and having one agency coordinate responses makes sense. But giving the NSA this much power makes me uneasy—they've been caught overreaching before. Need strong oversight.
Classic US: centralising power in times of perceived threat. As an Indian, I watch these developments closely. Our own CERT-In and NCIIPC handle similar functions, but we lack the budget and technical depth the US has. Hopefully, this move makes their systems more secure, but I fear it could lead to more aggressive cyber operations abroad.
Finally! The old 1990 directive was hopelessly outdated. We're facing state-sponsored hackers daily, and this gives the NSA the authority to act quickly. The emergency directive clause is crucial—no more bureaucratic delays when a breach is happening.
Only one concern yaar: who watches the watchers? The NSA has a history of collecting data on innocent people, including Indian citizens. We saw the Snowden revelations. This memo might improve US security, but what about privacy? Every country needs secure systems, but not at the cost of fundamental rights.
As a cybersecurity professional, I see both pros and cons. Consolidating standards under the NSA ensures consistency, but centralisation also creates a single point of failure. The 30/60/90 day deadlines for updates are aggressive—let's see if agencies can meet them. Cloud security standards are especially needed with all the government data moving to the cloud.
We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.