Trump, Twitter, and the Tide of Cybersecurity: Picks of the Week
Obama officials: There is hope for cybersecurity under Trump | The Christian Science Monitor
At RSA, doubts abound over US action on cybersecurity | CSO Online
The Rules of the Brave New Cyberworld | Foreign Policy
This year’s RSA Conference—one of the largest cybersecurity conferences in the world—broke attendance records with over 40,000 participants, including cyber professionals, academics, and public servants. Although the conference has historically been focused primarily on security tools and technologies, it has increasingly attracted policy-makers and government officials as both attendees and keynote speakers in an effort to obtain the government’s views on cybersecurity, to facilitate government interaction with cyber experts, and to encourage the tech industry to work collaboratively with the government.
Markedly absent from the crowd this year, however, were officials from the Trump Administration.
While no one from the current administration appeared to be in attendance, the impact of ‘cyber insecurity’ on government was widely discussed, as many panels and side events explored cybersecurity policy and government responses to cyber attacks. A leaked draft of an executive order on cybersecurity provided the fodder for much of the discussion, however the order itself has been in limbo as the Trump Administration remains entangled in controversy around its other executive orders and actions.
The leaked draft of the executive order on cybersecurity received mixed responses from the community of cyber professionals and industry experts, largely because there was not much in it beyond past policies established by the Obama administration, and a request for federal agencies to report back to the White House within 60 to 180 days.
In the meantime, there is an increasing push in Congress for a full investigation over the alleged Russian meddling in the 2016 presidential election. The Trump Administration’s plans to improve U.S. cybersecurity for the government and the private sector—or to commit to any sort of norms of state behavior in cyberspace—remain unclear. On the campaign trail, Mr. Trump had vowed to make cybersecurity a top priority if he were elected, and even promised comprehensive reports from intelligence officers on hacking by foreign actors.
The reality of governing has seemed to transcend the promises of the campaign trail, however, as cybersecurity appears to have taken a backseat to other issues facing the Trump Administration. Some of the participants at the RSA conference, such as Virginia State Governor Terry McAuliffe, suggested that instead of waiting for the federal government to act, it might be up to the states to assume a larger role in promoting cybersecurity. Indeed, as I have argued before, states cannot wait for the federal government to provide all responses and solutions before taking action, and they must start developing comprehensive strategies to strengthen their cybersecurity posture, improve their cyber resilience, and ensure that their citizens can rely on safe and secure Internet connectivity.
In an effort to address cybersecurity headwinds, various committees, think tanks, and experts have published a variety of policy proposals and reports in recent months for the Trump Administration to consider, and have emphasized that the new president begins his tenure at a time of considerable cyber risk to the U.S. government and businesses, and a growing public awareness of these issues.
As cyber threats continue to grow in scope, volume, and sophistication, however, there are relatively few indications as to how the Trump Administration will approach the significant cybersecurity challenges that the government will need to address both domestically and internationally, and how it will prioritize competing interests. It remains to be seen how an administration highly skeptical of active government regulation will contend with a problem that, because of its scope, will likely require the federal government to take a leading role. It also remains unclear whether the President’s use of Twitter will eventually bring cybersecurity issues to the forefront.