Donald Trump’s decisive win in this year’s presidential election promises to deliver radical changes to how the US government operates.Trump’s positions on a range of social, economic, and military issues, from immigration to human rights to the defense of Ukraine, represent significantly different postures from those of the current Biden administration and are arguably more hardline than any of the policies Trump adopted during his first administration.But experts say the incoming Trump administration’s cybersecurity policies will most likely resemble traditional and predictable governance, not radical departures from the past. They expect this constancy to be true despite Trump’s nomination of unconventional and inexperienced individuals for cabinet positions that oversee significant US government cyber activities.Moreover, one main cybersecurity arm of the US government that organizations have come to depend on, the Cybersecurity and Infrastructure Security Agency (CISA), will likely continue to exist, albeit stripped of its relatively minor role in managing election disinformation, despite the push by some to eliminate the agency.Elon Musk’s government cost-cutting effort provides some uncertainty, but the upshot of this continued, relative normality for cybersecurity policy is that CISOs and security professionals can expect a degree of certainty and stability as the US heads into a second Trump administration.According to Adam Darrah, vice president of Intelligence at ZeroFox, the cybersecurity world can take a breather, at least for now. “I don’t think there’s any cause for concern about cybersecurity policy under Trump any more than there was under the Biden administration, which quite frankly did a nice job with cybersecurity.” Most experts with government experience predict that the next Trump administration will be characterized more by continuity than disruption regarding cybersecurity. Part of their faith stems from cybersecurity’s mostly bipartisan nature.”I still think cybersecurity is a bipartisan initiative, even if it has become more politicized over time,” Chris Painter, former top US cyber diplomat and senior US government official, tells CSO.Michael Daniel, CEO of the Cyber Threat Alliance, agrees. Cybersecurity “is not an area where there’s a lot of bipartisan disagreement,” he says. “Based on [Trump’s] track record from the first term, I don’t think there will be a huge divergence from that.””If you look back at the first Trump administration’s work on cybersecurity, the cyber policies that CISA pursued then were similar to the ones that the Obama administration pursued, which were similar to the ones that were more evolutionary off the ones the Bush administration had pursued,” Daniel adds. “There was a lot of continuity in there.Earlier this year, Daniel and dozens of other former government officials across five administrations participated in an effort by the McCrary Institute at Auburn University to develop 40 cybersecurity recommendations that constitute a plan of action for the winning party’s presidential transition task force.Obama White House veteran Daniel says, “If you look at things like the McCrary Institute report, that was very bipartisan and had everybody from me to [Trump homeland security advisor and current head of Trinity Cyber] Tom Bossert and [George W. Bush homeland security advisor and current head of the McCrary Institute] Frank Cilluffo and [former assistant secretary of homeland security for cyber under Trump] Matt Hayden and other people from both sides of the aisle. While there were some disagreements, we quickly came to a consensus on what needed to be done.”Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies and one of the leaders behind the McCrary Institute report, tells CSO: “If you had any other issue, such as union labor versus management contracting, there’d be a zillion differences. But with cyber, there’s a lot of agreement. Not that anyone gets anything done, but there’s agreement on what ought to be done.”
Intelligence operations likely to remain unaffected despite nominees
Trump’s pick for the Director of National Intelligence has raised concerns in the intelligence community, but several former government officials say the US intel establishment will probably carry on as it always has.One frequently repeated concern is the danger this and other Trump picks, including his Homeland Security choice, pose to the solid intel relationships among the Five Eyes partners, which include Australia, Canada, New Zealand, the United Kingdom, and the United States. “A consideration that I would be concerned about is how you maintain some of those relationships and the sharing and other things when that relies on trust,” Daniel says.But most experts say bureaucratic momentum and enduringly good relationships among analysts will keep US intel alliances in good shape. “What you’re still going to find is the rank and file, which includes very powerful capabilities, are still going to collaborate,” David Brumley, CEO of Mayhem Security, tells CSO. “We’re still going to have the Five Eyes. We’re still going to share information about the normal targets. Where we’re going to see big changes on this is at the higher levels. People are going to be less trustworthy about sharing important information.””Trump is likely to be more disruptive,” Jim Lewis, SVP and director of the CSIS technology and public policy program, tells CSO. “But the Five Eyes relationship is so longstanding that you just can’t unwind it. So, Five Eyes is unlikely to change as a result.”ZeroFox’s Darrah, who served as a CIA analyst under both the Obama and Trump administrations, is a big believer in the US intel system. “The relationship with the Five Eyes specifically is so robust and healthy that it would take a radical shift in policy to change things,” he tells CSO.
CISA will likely survive
One of the biggest cybersecurity fears about a Trump presidential victory is that he would eliminate DHS and CISA, as advocated in a presidential blueprint drawn up by the Heritage Foundation. And although one Trump-friendly Senator is still advocating for CISA’s dissolution, it appears unlikely that will happen.One factor helping to ensure CISA’s continued existence is the enormous challenge of deporting millions of immigrants, a key plank of Trump’s campaign platform. DHS, the agency housing CISA, will almost certainly be responsible for much of the planning for this unprecedented and costly task.”Given this administration’s focus on anti-immigrant activity, I suspect that is where most of the DHS secretary’s focus will be,” Daniel says. “I’m going to be much more interested to see who they name as an undersecretary and who they name as the head of CISA in terms of where the cyber policy might be going. I will be more interested in those names because I find it difficult to believe that the Homeland Security secretary will spend much time on those cybersecurity issues.”One notion under Project 2025 was to break up CISA and put whatever cybersecurity parts that were left inside the Department of Transportation. “The political calories you would have to expend to move CISA over somewhere else, it’s just not worth the candle,” says Daniel. “It’s hard for me to imagine that would be a high priority for anybody.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3610683/cybersecurity-policy-and-practice-likely-to-remain-little-changed-after-trump-takes-the-reins.html
