Trump Administration's Policy On Cybersecurity

President Trump's administration is expected to push for increased cybersecurity spending in US government, but also for increased digital surveillance and encryption work-arounds.

That's the view of some cyber-security policy experts, who said they expect Trump to focus on improving cybersecurity at federal agencies while shying away from new cyber-security regulations for businesses. 

Trump is likely to look for ways for the National Security Agency and other agencies to assist the government and companies in defending against cyber-attacks, said Jeffrey Eisenach, a visiting scholar at the American Enterprise Institute and a tech adviser during Trump's presidential transition.

"Cyber has to be top of mind for any view of the United States' global strategy," Eisenach said recently during a discussion about Trump's cybersecurity priorities. "If you're not thinking of cyber first, I don't know what you should be thinking about."

A proposed executive order from Trump on cybersecurity was leaked in January, but its formal release was postponed. Beyond the leaked drafts, it's difficult to read the tea leaves of a Trump cyber policy, other cyber-security experts said. 

Given Trump's focus on fighting terrorism during his presidential campaign, he's likely to push for greater surveillance powers, said Adam Klein, a senior fellow at the Center for a New American Security. A foreign surveillance provision in US law is set to expire at the end of the year, and Klein expects the Trump team to push for unfettered re-authorisation.

Trump "campaigned on vigorous counter-terrorism efforts, and that is likely to lead his approach on surveillance and privacy issues," Klein said. Trump may move away from former President Barack Obama's attempts to balance privacy and national security, he said. 

The Department of Homeland Security has already talked about demanding social media passwords during border searches, Klein said. While he said he doubts the searches will happen, the discussion "suggests we're in a new era here," he added.

Meanwhile, Trump and new Attorney General Jeff Sessions have both criticised tech companies' resistance to encryption backdoors, Klein noted. Both called on Apple to assist the FBI with unlocking a terrorism suspect's iPhone last year. Even if Congress doesn't pass encryption legislation, the Department of Justice could aggressively sue tech companies that refuse to break encryption, he said.

While Trump initially pushed for the cyber-security executive order, related issues now seem to be on the backburner in his administration as he focuses on a travel ban from Muslim-majority countries, building a border wall, and other issues, said Denise Zheng, director of the Technology Policy Program at the Center for Strategic and International Studies.

Drafts of the executive order assigned each cabinet official more responsibility for the safety of data within their agencies. Trump has also called for agencies to modernise their IT systems as a way to improve cyber-security.

One of the main cyber-security issues going forward is Russian hacking and its impact on the presidential election, but that's a "tough issue" for Trump to tackle, Zheng said.

Trump should focus on encouraging agencies and companies to share cyber-threat information and on modernising government IT systems, recommended Steve Grobman, CTO of Intel Security. The government's legacy IT systems "were not designed to make use of modern security best practices," he said.

To help with private-sector cyber-security, Trump should look for ways to expand cyber-security training programs, Grobman recommended.

And instead of regulations, Trump could look at tax breaks as a way to encourage companies to improve their cyber-security, he added. "Positive incentives, rather than punitive regulations, will help produce real results," he said.

Grobman also called on the Trump administration to resist any urges to require encryption backdoors in tech products. Encryption backdoors in devices may prompt criminals to move to other encryption technologies that device makers have no control over, he said.

"We need to test whether we're solving the problem with the solution that's being recommended," he added.

Computerworld

Tech Companies Oppose Trump’s Travel Ban:

Anonymous To Trump: You will ‘Regret’ Next 4 Years:

Trump Offers A Cyber Security Warning:

 

 

« Are Employees Your Weakest Link When It Comes To Security?
US Buys Mysterious ISIS Drone Killer »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

High-Tech Bridge

High-Tech Bridge

High-Tech Bridge SA is a Swiss MSSP provider offering security auditing, source code review and computer forensics.

High Technology Crime Investigation Association (HTCIA)

High Technology Crime Investigation Association (HTCIA)

HTCIA was formed to provide education and collaboration to our global members for the prevention and investigation of high tech crimes.

Outpost24

Outpost24

Outpost24 provides easy to deploy and intuitive solutions to continuously identify, remediate and mitigate vulnerabilities in your network.

HDI Global SE

HDI Global SE

HDI Global SE provides customised insurance solutions for industrial and commercial clients worldwide including Cyber Liability insurance.

AuthenTrend

AuthenTrend

AuthenTrend provide biometric authentication products to achieve high security with extreme ease-of-use for the user.

Destel

Destel

Destel is a system integrator and provider of IT services focused on Advanced Network & Security Solutions.

Cryptika

Cryptika

Cryptika is a fully integrated IT security and managed services provider, specialized in Next-Generation Cyber Security Technologies.

Visium Technologies

Visium Technologies

Visium Analytics provides innovative data visualization, cybersecurity technologies and solutions to businesses to protect and secure their data assets.

Krypsis

Krypsis

Krypsys is an information security company with a focus on helping you defend your information and data against emerging security threats.

Infinipoint

Infinipoint

Infinipoint pioneers the first Device-Identity-as-a-Service (DIaaS) solution, addressing Zero Trust device access and enabling enterprises of all sizes to automate cyber hygiene.

CyberQP

CyberQP

CyberQP (formerly Quickpass Cybersecurity) provide Privileged Access Management built for MSPs. Our system is designed to reduce ransomware and social engineering attack risks.

IPKeys Cyber Partners

IPKeys Cyber Partners

IPKeys Cyber Partners, together with the IPKeys Power Partners unit, provide Cyber Security and CIP Compliance for utilities, grid operators and public safety organization across the USA.

Trojan Horse Security

Trojan Horse Security

Trojan Horse Security are specialists in corporate security. Our services include: Comprehensive Cyber Security Analysis, Penetration Testing, Network Security and Security Audits.

Aliro Security

Aliro Security

AliroNet is the world’s first entanglement Advanced Secure Network solution.

Opkalla

Opkalla

We started Opkalla because we believe IT professionals deserve better. We help our clients navigate the confusion in the marketplace and choose the solution that is right for your business.

Lenze

Lenze

Lenze are an experienced partner for automation systems, digitalization and cyber security.