Skip to Content
Computing

Why Trump’s last-minute cyber order could have limited impact

One of the outgoing president’s last acts was to ask for more regulation and security for cloud computing companies.
Donald Trump waving goodbye
Donald Trump waving goodbye
President Donald Trump and first lady Melania Trump board Air Force One at Andrews Air Force BaseAP Photo/Manuel Balce Ceneta

The news: Hours before leaving the presidency, Donald Trump issued an executive order that requires American cloud computing companies to do more to verify the identities of their foreign customers. The stated aim is to help prevent hacking operations against the United States, although the timing and scope of the order mean it is surrounded by uncertainty.

What it says: The order instructs the Commerce Department to write new customer vetting regulations within six months for “infrastructure as a service” products offered by American tech giants such as Google, Microsoft, and Amazon. The new rules would set minimum customer identity verification standards and record-keeping requirements for cloud companies that sell to foreign customers. It includes sales made through resellers, which hackers have used in order to hide their identity before committing abuse. 

Late in the day: The timing of the executive order—which was announced on the evening of January 19, the end of Trump’s last full day in office—is exceptional. Not only did it arrive just as the curtains close on his presidency, but it comes in the wake of an extraordinary hacking campaign against American government agencies and major companies. US intelligence agencies say the Russian government is “likely” behind the espionage campaign, a charge Moscow denies. The full impact of the operation is still being calculated.

Uncertain impact: In a statement released last night, National Security Advisor Robert C. O’Brien said attacks of this nature “played a role in every cyber incident during the last four years, including the actions resulting in the penetrations of United States firms FireEye and SolarWinds.” But whether rules like this would actually stop foreign hackers in practice is a source of debate. And since the order was signed so late and will take months to have any impact, the question of whether it lasts in its current form falls to Joe Biden’s incoming administration. Any of Trump’s executive orders could be revoked or tweaked by the new president, who is expected to sign a wave of such orders quickly as he comes into office.

Deep Dive

Computing

child outside a destroyed residential building in Kiev
child outside a destroyed residential building in Kiev

Russia hacked an American satellite company one hour before the Ukraine invasion

The attack on Viasat showcases cyber’s emerging role in modern warfare.

hacked telecom concept
hacked telecom concept

Chinese hackers exploited years-old software flaws to break into telecom giants

A multi-year hacking campaign shows how dangerous old flaws can linger for years.

stock image of robots in a car plant
stock image of robots in a car plant

Transforming the automotive supply chain for the 21st century

Cloud-based tech solutions are helping manufacturers manage a new ecosystem of suppliers with greater agility and resilience.

inflection point post-NSO concept
inflection point post-NSO concept

The hacking industry faces the end of an era

But even if NSO Group is no more, there are plenty of rivals who will rush in to take its place. And the same old problems haven’t gone away.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.