Trump Administration's Policy On Cybersecurity

Uploaded on 2017-04-10 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

President Trump's administration is expected to push for increased cybersecurity spending in US government, but also for increased digital surveillance and encryption work-arounds.

That's the view of some cyber-security policy experts, who said they expect Trump to focus on improving cybersecurity at federal agencies while shying away from new cyber-security regulations for businesses. 

Trump is likely to look for ways for the National Security Agency and other agencies to assist the government and companies in defending against cyber-attacks, said Jeffrey Eisenach, a visiting scholar at the American Enterprise Institute and a tech adviser during Trump's presidential transition.

"Cyber has to be top of mind for any view of the United States' global strategy," Eisenach said recently during a discussion about Trump's cybersecurity priorities. "If you're not thinking of cyber first, I don't know what you should be thinking about."

A proposed executive order from Trump on cybersecurity was leaked in January, but its formal release was postponed. Beyond the leaked drafts, it's difficult to read the tea leaves of a Trump cyber policy, other cyber-security experts said. 

Given Trump's focus on fighting terrorism during his presidential campaign, he's likely to push for greater surveillance powers, said Adam Klein, a senior fellow at the Center for a New American Security. A foreign surveillance provision in US law is set to expire at the end of the year, and Klein expects the Trump team to push for unfettered re-authorisation.

Trump "campaigned on vigorous counter-terrorism efforts, and that is likely to lead his approach on surveillance and privacy issues," Klein said. Trump may move away from former President Barack Obama's attempts to balance privacy and national security, he said. 

The Department of Homeland Security has already talked about demanding social media passwords during border searches, Klein said. While he said he doubts the searches will happen, the discussion "suggests we're in a new era here," he added.

Meanwhile, Trump and new Attorney General Jeff Sessions have both criticised tech companies' resistance to encryption backdoors, Klein noted. Both called on Apple to assist the FBI with unlocking a terrorism suspect's iPhone last year. Even if Congress doesn't pass encryption legislation, the Department of Justice could aggressively sue tech companies that refuse to break encryption, he said.

While Trump initially pushed for the cyber-security executive order, related issues now seem to be on the backburner in his administration as he focuses on a travel ban from Muslim-majority countries, building a border wall, and other issues, said Denise Zheng, director of the Technology Policy Program at the Center for Strategic and International Studies.

Drafts of the executive order assigned each cabinet official more responsibility for the safety of data within their agencies. Trump has also called for agencies to modernise their IT systems as a way to improve cyber-security.

One of the main cyber-security issues going forward is Russian hacking and its impact on the presidential election, but that's a "tough issue" for Trump to tackle, Zheng said.

Trump should focus on encouraging agencies and companies to share cyber-threat information and on modernising government IT systems, recommended Steve Grobman, CTO of Intel Security. The government's legacy IT systems "were not designed to make use of modern security best practices," he said.

To help with private-sector cyber-security, Trump should look for ways to expand cyber-security training programs, Grobman recommended.

And instead of regulations, Trump could look at tax breaks as a way to encourage companies to improve their cyber-security, he added. "Positive incentives, rather than punitive regulations, will help produce real results," he said.

Grobman also called on the Trump administration to resist any urges to require encryption backdoors in tech products. Encryption backdoors in devices may prompt criminals to move to other encryption technologies that device makers have no control over, he said.

"We need to test whether we're solving the problem with the solution that's being recommended," he added.

Computerworld

Tech Companies Oppose Trump’s Travel Ban:

Anonymous To Trump: You will ‘Regret’ Next 4 Years:

Trump Offers A Cyber Security Warning:

 

 

« Are Employees Your Weakest Link When It Comes To Security?
US Buys Mysterious ISIS Drone Killer »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Blue Frost Security

Blue Frost Security

Blue Frost Security provides high-level IT security consulting, penetration testing services, ISO 27001 Solutions, PCI compliance solutions and training.

Vera Security

Vera Security

Vera is a data security platform that provides 360-degree visibility and control over critical business data, anywhere it's shared or stored.

Secure Technology Alliance

Secure Technology Alliance

Secure Technology Alliance is a multi-industry association working to stimulate the adoption and widespread application of secure solutions.

Flexential

Flexential

Flexential helps organizations optimize their journey of IT transformation while simultaneously balancing cost, scalability, compliance and security.

Intersec Worldwide

Intersec Worldwide

Intersec Worldwide is a boutique Information Security Firm specializing in PCI Compliance, Assessment, Remediation, Forensics, Data Breach Investigations, Incident Response and IT Managed Services.

CyberForce Program - US Department of Energy

CyberForce Program - US Department of Energy

The Department of Energy’s (DOE) CyberForce Program is a workforce development program that seeks to inspire and develop the next generation of cyber defenders for the energy sector.

Edvance

Edvance

Edvance operates a range of cybersecurity businesses including value added cybersecurity solutions distribution, security technology innovation and development, and SaS solution offerings.

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory is a manufacturer of military security and data destruction equipment for sensitive, classified, and secret information.

DataTribe

DataTribe

DataTribe is a cyber startup foundry, leveraging deep experience and expertise to build and launch successful product companies.

Edgile

Edgile

Edgile is the trusted cyber risk and regulatory compliance partner to the world’s leading organizations, providing consulting, managed services, and harmonized regulatory content.

Association of anti Virus Asia Researchers (AVAR)

Association of anti Virus Asia Researchers (AVAR)

AVAR's mission is to prevent the spread of and damage caused by malicious software, and to develop cooperative relationships among anti-malware experts in Asia.

Guernsey

Guernsey

Guernsey provides a wide range of engineering, architecture and consulting services to multiple markets, including cybersecurity consulting and CMMC certification.

HackNotice

HackNotice

HackNotice Teams is an all-in-one encompassing tool that monitors threats within your organization, different vendors, and third parties whose services you use.

KnoTra Global

KnoTra Global

KnoTra Global is a next-generation Managed Service provider with a portfolio of services including Cybersecurity Solutions, Network Management, IT Leadership, and Day-to-Day Helpdesk and IT services.

Xeliumtech Solutions

Xeliumtech Solutions

Xeliumtech Solutions are a Digital Transformation partner with quality offerings in Mobile App Development, Ecommerce, Devops, RPA, AI, IoT development, Cybersecurity and more.

Harmonia Holdings Group

Harmonia Holdings Group

Harmonia Holdings Group was born in 2006 with the vision to bring innovation and change to the federal IT sector.