Trump May Aggressively Push Cybersecurity Plan

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

Nov. 9 — President-elect Donald Trump may aggressively push cybersecurity policy in his first 100 days in office, cybersecurity professionals told Bloomberg BNA Nov. 9.

Trump's victory over Hillary Clinton has intensified uncertainty over the president-elect's various policies. However, companies across the globe and concerned citizens may be able to look to Trump's cybersecurity efforts for stability and even forward progress on what is largely a bipartisan issue.

Kendall C. Burman, cybersecurity & data privacy counsel at Mayer Brown LLP in Washington, said that even before he takes office, Trump “has a lot coming at him in the next 70 days in the transition period.” He'll have to “wrestle with cybersecurity given it is an issue that cuts across so many agencies that has so many players involved.”

After Trump is sworn in as president, he will be faced with crafting his policy agenda for the first 100 days. It is expected that the president-elect is “pro-national security and law enforcement, in respects to cybersecurity, which is different from the past administration,” Burman, who also was involved in President Obama's 2008 transition, said. Trump will be faced with keeping the “delicate balance between business interests and national security,” she said.

Andrew Howell, a cybersecurity partner at Monument Policy Group in Washington, said that Trump will be tasked with filling important cabinet positions in his first 100 days in office that will help shape U.S. cybersecurity policy for at least the next four years. “Trump’s transition team is hitting the ground running, looking to fill cybersecurity and privacy positions quickly,” he said. The transition team will rely on a “range of Republican sources as they seek to identify candidates,” Howell said.

Trump may also be successful in pushing his cybersecurity policy through Congress, Howell said. Cybersecurity “has long been a bipartisan issue” and this will “continue to be the case,” especially with “tight margins in the Senate,” he said.

Additionally, the president-elect's cybersecurity stance doesn't vary much from President Obama's policies. Chris Pogue, chief information security officer at cybersecurity incident response company Nuix North America Inc. in Herndon, Va., told Bloomberg BNA that Obama got the ball rolling on cybersecurity policy, but Trump may do a better job at implementing the cybersecurity agenda.

To do this Trump needs to “make organizations part of the solution” to prevent costly cyberattacks that have ripped into the heart of U.S. industry, Pogue said.

Make America Cybersecurity Great?

Trump focused his cybersecurity policy throughout the campaign on national security issues but later endorsed more specific plans.

Trump's cybersecurity platform focused on developing the “offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately.”

The platform also called for an “immediate review of all U.S. cyber defenses” by a “Cyber Review Team” made up of stakeholders from the public and private sectors. The team would be tasked with providing policy and technological recommendations to help combat “likely threats,” the platform said. The cybersecurity team will also be tasked with establishing “protocols and mandatory cyber awareness training for all government employees,” it said.

Howell said that private and public stakeholder groups allow the new president to “look at where government and private sector stand on cybersecurity.” Companies will be willing to “work with the new administration to help continually improve our nation's cyber defenses, which must continually evolve to match the threats of our adversaries,” he said.

U.S. tech companies and those that “rely on the internet to do their business will all continue to be part of the cybersecurity policy-making infrastructure, and play a constructive role in advancing our share cybersecurity interests,” Howell said.

The Cyber Review Team is similar to Obama's Commission on Enhancing National Cybersecurity, which was created by executive order Feb. 9 as part of the Cybersecurity National Action Plan (CNAP). The commission is made up of private and public stakeholders across various sectors. It is lead by former U.S. National Security Advisor Tom Donilon and former chairman and CEO of IBM Corp. Samuel Palmisano.

Pogue said that Trump needs to appoint those with a technical background into these positions. Regardless of what form the final cybersecurity review commission takes, Trump needs to appoint “technical experts” to important positions that “act like we are in a cyberwar with an active enemy.”

Driving Policy Implementation

The Republicans control a majority in both the House and Senate. President-elect Trump may have a better shot at implementing cybersecurity policies due to the congressional control.

Pogue said that Trump holds an advantage over Obama because of the congressional advance. Although Trump's cybersecurity stance isn’t far removed from Obama’s position, “Trump will be more willing to be aggressive” using both chambers of Congress to get his cybersecurity plan in place, he said.

Even with the partisan advantage, Trump may run into some of the same issues that Obama did. Burman said that Trump will still have to navigate through the murky waters because cybersecurity is more “non-partisan than bipartisan.” Any cybersecurity legislation passed “probably won't be a bipartisan issue” and Trump will have to reach a consensus even with a “real complicated interplay between a lot of interest,” she said.

At the end of the day, wrestling with uncertainty in cybersecurity is no different from other policy topics, Burman said. It does differentiate itself though because of “the progress made in the last eight years in terms of identifying and establishing key roles and players on cybersecurity,” she said.

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bna.com

To contact the editor responsible for this story: Donald G. Aplin at daplin@bna.com

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.