Now that the inauguration and many of the Senate confirmation hearings are behind us, I’m starting to gather my thoughts as a security guy around cybersecurity policy in the new administration and where President Trump might take us all.
Let me state up front that I’m not an apologist for the President, nor do I plan to praise him. What I’m struggling with – along with many Americans – is understanding how President Trump will address cybersecurity issues.
What can we make of President Trump’s public statements on cybersecurity? Where will cybersecurity leadership come from and how will policy be shaped by the status quo and unforeseen foreign policy crises yet unimagined?
To restate the obvious, President Trump left us few gems during the debates and campaign, including:
- “The cyber.”
- “It also could be somebody sitting on their bed that weighs 400 pounds, okay?”
- “So we had to get very, very tough on cyber and cyber warfare.”
- “I have a son—he’s 10 years old. He has computers. He is so good with these computers.”
- “They could’ve had hacking defense, which we had.” (regarding the DNC hack)
Aside from lighting up Twitter, creating tons of internet memes and making many in the security community groan, I doubt there is much we can infer from Trump’s off-the-cuff remarks about cybersecurity during the debate. Couple these with his stream-of-consciousness remarks about Russians and hacking and we’re presented with a larger, arguably confusing body of work.
I tried to make sense of what he said, and I couldn’t. Then fellow Texan and Texas Tribune President Evan Smith, pointed me in the direction of political commentary written by Salena Zito of the Atlantic Magazine in the run-up to the November election. What Selena observed was that the press completely misread then-candidate Trump. In fact, she argued that:
While dismissing Trump, the media dissected every tweet. His supporters, however, took him completely seriously, giving him broad license to comment on whatever came to mind without giving it a second thought – likely because of their frustration with the status quo.
This struck a chord with me, offering several reasons to believe that regardless of what President Trump said on the campaign trail, cybersecurity policy will evolve under his term of office. In fact, we might even see progress on several fronts, for example:
- Take Him Figuratively, Not Literally. During previous administrations, policy makers would watch Sunday morning talk shows like “Face the Nation” or “This Week” to glean what policy shifts they could from senior members of the Executive Branch. They would dissect, analyze and debate what was said to adjust their own strategies. I would argue that with a Trump administration, you should look past the tweets and the talk show statements of his senior leadership to understand cybersecurity policy progress. As counterintuitive as it might seem, don’t take what is said literally. Look more at what Executive Orders President Trump authors, and what programs or rules Executive Branch agencies promulgate, and…
- Watch Who He Appoints to Key Positions. Regardless of what President Trump says, political appointees and senior executives below the POTUS will accomplish the real policy heavy lifting. This includes the White House Cybersecurity Coordinator, senior appointees at the DHS, as well as senior appointees at DoD. Notably, on January 23, Mike Pompeo was confirmed to lead the CIA. Pompeo supports government surveillance programs, but in contrast, believes that mandating backdoors to allow encrypted communications to be accessed would “do little good”. Rudy Giuliani will be helping to shape the administration’s cybersecurity efforts by communicating with corporate technology leaders. While Giuliani is not recognized as a cybersecurity guy, he will be surrounded by smart folks and will have the ear of the President. From my conversation with people that know him best, he’s also learned a ton about our industry over the last several years while leading his law firm, Bracewell Giuliani. There’s a chance that the former Mayor might be able to elevate the position of Cybersecurity advisor given his high profile. Finally, I suspect the incoming administration will focus on more pressing foreign policy challenges and domestic policy priorities and the detail on cybersecurity will be left to those most familiar.
- Look to the House and Senate for Leadership. Although much of the progress on cybersecurity in the last several years came from the Executive Branch in the form of the NIST and White House frameworks, there’s a decent chance that much of cybersecurity policymaking will shift to Capitol Hill in this administration. There are several pieces of promising legislation that are percolating in the House and Senate that have largely been held up by the standoff between both parties during the last session. Neither side wanted to give the other a win last year, but my hope is that there are certain non-red meat policy issues involving cybersecurity that might make it through. Now that both the House and Senate are in Republican hands with a Republican in the White House, there’s an opening. Look to guys like Representative Mike McCaul and Will Hurd in the House, as well as Senators Mo Udall in the Senate to author legislation that protects our critical infrastructure and helps protect our government from cyber-attacks.
How the next four years turn out for cybersecurity is still up for grabs, in fact, we could say that for all policy issues as we just don’t know if President Trump is crazy or crazy smart. Let’s hope during his administration we make more progress on cybersecurity issues that result in better protecting ourselves from the most obvious threat.