Policy direction will likely hinge on the strength of the cyber team he appoints.
Authored by Greg Garcia
Cybersecurity policy-making over the years, from Capitol Hill to the Executive Branch, has for the most part been incremental.
This year and into next, the Department of Homeland Security will reorganize its cybersecurity and infrastructure protection offices, but there could be pushback from Congress.
The encryption debate will continue to be a can kicked down the road. Congress might continue to contribute by giving DHS the statutory authority to do what the agency has already been doing, while efforts to expand information sharing and incident response are proceeding tentatively.
And the upcoming December report of the President’s Commission for Enhancing National Cybersecurity and the appointment of Greg Touhill as the first federal CISO in the White House will tee up a platform for the next White House to build on the modest successes of the past year.
Trump did not offer a cohesive cyber policy during his campaign, indicating a general business preference for less regulation, while also saying he would close off parts of the internet and force Apple to decrypt and open its mobile operating system to government surveillance. He also has said he would call on the Department of Justice to create a task force “to crush this still-developing area of crime.” These pronouncements suggest a more interventionist stance with respect to privacy and security in the networked world.
On his engagement with surveillance and intelligence policy, Trump might first need marriage counseling with the intelligence community, whose assessments about Russian cyber hacking he publicly doubted during his debate with Secretary Clinton. This vote of no confidence in career civil servants who take their intelligence analysis business very seriously may initially jeopardize coherent formulation and execution of policy related to encryption, warrant-less wiretapping, foreign government collection orders for commercial data, and international norms for cybersecurity engagement.
Policy direction will likely hinge on the strength of the cyber team he appoints. Absent clear direction from the White House, Trump’s cyber leadership could fall back on the approach articulated in the 2016 Republican Platform, which calls for “diplomatic, financial, and legal pain, curtailing visas for guilty parties, freezing their assets, and pursuing criminal actions against them.”
The platform sees the government going “on the offense” and giving users “a self-defense right to deal with hackers as they see fit.” Finally, the Republican manifesto envisions a cyber insurance market, supply chain protection “against contamination of components made all over the world” and expansion of the nation’s cyber workforce “with the assistance of the military, business, and hacker communities to better protect our country.”
Whether a Trump White House goes along with any of this will depend on the strength of the cyber team he puts in place and his willingness to defer to their judgment. Early rumors of House Homeland Security Committee Chairman Mike McCaul being on the short list for DHS secretary would certainly confer on that agency the cyber and homeland security credibility and judgment the new administration needs at the helm.