Apparently someone with security knowledge has been involved in the revisions so far. Rash writes: "The new EO also speaks clearly about the need to modernize the U.S. government’s antiquated data systems, to keep software and systems updated and to make sure the latest security practices are followed. The order also requires full assessments of government agency's cyber-security status and to report it to the White House."
The proposed EO's latest revisions also discuss risk management in detail, as well as the risk of outdated systems:
The draft order says, “Known but unmitigated vulnerabilities are among the highest risks faced by executive departments and agencies (agencies). Known vulnerabilities include using operating systems or hardware beyond the vendor's support lifecycle, declining to implement a vendor's security patch, or failing to execute security specific configuration guidance.”
The problem with the approach is that it comes from a President who continues to use an older, unsecured Samsung Galaxy cell phone constantly, despite having been provided a secure smartphone like the one used by his predecessor.
And, of course, we've no idea what will happen to the EO before any final revisions are made. Interesting reading, in the meantime.