All federal agencies must create and submit a risk management report to DHS and OMB within 90 days detailing their IT security profile per an Executive Order issued by the President last week that is the biggest attempt so far to get agencies to comprehensively modernize their IT infrastructure.  Protecting critical networks and infrastructure are two of the EO’s three broad themes, along with securing the nation through deterrence, international cooperation and the workforce.  The over-riding theme of the EO, however, is centralization.  The White House made clear it does not want each agency running off doing its own thing, but rather strongly encourages the use of shared services.  Federal agencies need to seek enterprise-level solutions and realize that the actions of each can impact the other.  “…From this point forward, the departments and agencies shall practice what we preach and implement that same framework for risk reduction”, stated Tom Bossert, assistant to the President for homeland security and counterterrorism.  The specific framework Bossert was referring to is the NIST Framework for Improving Critical Infrastructure Cybersecurity.  The one thing the EO does not do is provide new money for modernization efforts to take place. That will be left to Congress.