What Direction Will Trump Take on CyberSecurity?
Last week, President-Elect Donald Trump signaled that cybersecurity is an imminent challenge that requires immediate attention by announcing the creation of a Cyber Review Team to provide recommendations during the first 100 days of his presidency.
In addition to a focus on trade, energy, regulations, national security and immigration, Trump plans to include cybersecurity as a top priority, but many in the industry believe Trump will be less focused on specific policy than on pragmatic outcomes. Reports say Trump vows to roll back regulations by making a rule that, for every new regulation proposed, two older ones must be repealed.
But an aggressive cybersecurity platform could be at odds with privacy. For example, during the campaign, Trump sided with an FBI-backed court order forcing Apple to give investigators a backdoor into the iPhone used by a shooter during the December 2015 attack in San Bernardino, CA.
Experts at Sword & Shield say that it’s not enough for a president to ask the Department of Defense and others to develop a comprehensive plan, Trump should present the nation with a clear focus. This focus should be developed by professionals who have an intimate knowledge of cybersecurity and infrastructure and the developing threat landscape.
Sword & Shield Enterprise Security Consultant Joe Gray said the country should focus on shoring up its network defenses but not for sheer sake of deterrence. This should be done as part of a bigger effort to combat cybercrime and attacks on a more aggressive front by creating a separate cybersecurity agency independent of the NSA, separating the NSA from the Department of Defense, or finally splitting US Cyber Command (CYBERCOM) from NSA.
“As a businessman, President-Elect Trump should already understand the value of cybersecurity to an organization. The key in this scenario is whom he surrounds himself with and their position on cybersecurity,” Gray said. “One step in the right direction may be to move the Federal CISO position to a position with actual oversight over our nation’s cybersecurity assets, as the current position reports to the Federal CIO, which is a position within the OMB (the US Office of Management and Budget). Being in OMB, this puts the CIO and CISO in a position to make budgetary decisions, but grants little power in promulgating policy and enforcing it across agencies.”
“It will be interesting to say the least in terms of what Trump will institute and how he will go about it,” he added. “How will he approach ransomware? Internet of Things (including security and DDoS mitigation)? Nation-states and APT? Industrial Control Systems (ICS) and Critical Infrastructure? Online Terrorism? Encryption and Privacy? Neither candidate made the answer to any of these questions abundantly clear.”
No matter how Trump intends to move forward, in a year in which foreign-state hacking was blamed for influencing the 2016 presidential election, expect cybersecurity to continue to be a hot-button issue.