Trump Should Follow Obama’s Cybersecurity Lead: Analysts

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo and Daniel R. Stoller

Dec. 5 — President-elect Donald Trump should choose carefully from the White House’s recommended cybersecurity best practices and policies menu, analysts say.

The Commission on Enhancing National Cybersecurity's report looks at “different paradigms for what cybersecurity means for national security as well economic security,” and reconfigures what companies and government agencies need to do to “manage and mitigate cybersecurity risks,” Norma M. Krayem, senior policy adviser at Holland & Knight LLP in Washington and co-chair of the firm’s Cybersecurity and Privacy Team, told Bloomberg BNA Dec. 5.

Companies need to look at lessons learned from successful partnerships with the government and also identify where there are rooms for improvement, she said. “Proactive relationships with the government have great benefits for companies,” Krayem said.

Obama Commissioned Report

The commission was created within the Department of Commerce as a part of President Barack Obama’s $19 billion Cybersecurity National Action Plan, proposed Feb. 9. The commission consists of 12 private and public stakeholders across various sectors appointed by the president.

Cybersecurity concerns shouldn’t be a new phenomenon for Trump, who has focused on the issue through a national security lens. Whether Trump will follow up on cybersecurity campaign promises or adopt the recommendations in the White House report remains to be seen.

Ari Schwartz, managing director of Cybersecurity Services at Venable LLP in Washington, told Bloomberg BNA Dec. 5 that the Commission on Enhancing National Cybersecurity’s report is a “menu for the next administration.” It is a good first step for the Trump administration in formulating its cybersecurity policies, Schwartz, a former special assistant to the president and senior director for cybersecurity on Obama’s National Security Council, said.

The commission Dec. 2 urged Trump in a 100-page report to strengthen public-private sector collaboration, update legacy information technology systems, accelerate investments in the digital economy and build cybersecurity workforce capabilities, among other recommendations.

Kiersten Todt, executive director of the commission, said Dec. 5 during a press briefing at policy think tank New America, that she expects officials from the Obama administration to meet with the Trump transition team in the coming weeks to discuss the report’s recommendations.

The Trump transition team didn’t immediately respond to Bloomberg BNA’s e-mail request for comments.

Cybersecurity Recommendations for Trump

The Trump administration will be faced with tackling cybersecurity threats in his first 100 days in office. The president-elect will have a full plate of cybersecurity offerings when he enters the White House.

U.S. Department of Commerce Secretary Penny Pritzker said in a recent statement that the report “provides a path forward for government, the commercial sector, consumers and educators to address” the cybersecurity challenges ahead. The report shows the “need for collaboration among public and private sectors” to boost U.S. cybersecurity, privacy and national security interests. Pritzker is expected to deliver a speech on the cybersecurity report Dec. 6. at the USTelecom’s National Cybersecurity Policy Forum.

Todt, who was appointed to the cybersecurity commission by Pritzker, said that an essential issue for the incoming administration is to focus on “which agency or government group is responsible” for cybersecurity. The report was a nonpartisan effort written for whichever party that won the White House, she said.

Cybersecurity concerns aren’t a “tangential issue,” Todt said. The next administration needs to show U.S. companies and government agencies that securing its “weakest security link is the most important thing for cybersecurity,” she said.

The report provided cybersecurity recommendations for the next administration. Schwartz agreed with the commission’s recommendation that the government should update legacy IT systems.

“Anyone that has worked with government agencies at any level will understand that legacy systems are problematic,” he said. Securing these systems is a “priority” for the incoming administration Schwartz said.

According to Krayem, the commission’s recommendations are compatible with the Trump administration’s cybersecurity plans. Trump’s transition team has said that cybersecurity is in the administration’s top 10 priorities and is also an action item in the first 100 days, she said.

“Looking at the recommendations through this lens, there are more than enough recommendations” that the Trump administration will likely pursue, Krayem said.

However, it’s unclear whether the Trump administration will adopt the recommendations wholesale. Every administration wants to put their stamp on policies, she said.

To contact the reporter on this story: Jimmy H. Koo in Washington at jkoo@bna.com; Daniel R. Stoller in Washington at dstoller@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law Privacy and Data Security