Trump Administration's Policy On Cybersecurity

Uploaded on 2017-04-10 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

President Trump's administration is expected to push for increased cybersecurity spending in US government, but also for increased digital surveillance and encryption work-arounds.

That's the view of some cyber-security policy experts, who said they expect Trump to focus on improving cybersecurity at federal agencies while shying away from new cyber-security regulations for businesses. 

Trump is likely to look for ways for the National Security Agency and other agencies to assist the government and companies in defending against cyber-attacks, said Jeffrey Eisenach, a visiting scholar at the American Enterprise Institute and a tech adviser during Trump's presidential transition.

"Cyber has to be top of mind for any view of the United States' global strategy," Eisenach said recently during a discussion about Trump's cybersecurity priorities. "If you're not thinking of cyber first, I don't know what you should be thinking about."

A proposed executive order from Trump on cybersecurity was leaked in January, but its formal release was postponed. Beyond the leaked drafts, it's difficult to read the tea leaves of a Trump cyber policy, other cyber-security experts said. 

Given Trump's focus on fighting terrorism during his presidential campaign, he's likely to push for greater surveillance powers, said Adam Klein, a senior fellow at the Center for a New American Security. A foreign surveillance provision in US law is set to expire at the end of the year, and Klein expects the Trump team to push for unfettered re-authorisation.

Trump "campaigned on vigorous counter-terrorism efforts, and that is likely to lead his approach on surveillance and privacy issues," Klein said. Trump may move away from former President Barack Obama's attempts to balance privacy and national security, he said. 

The Department of Homeland Security has already talked about demanding social media passwords during border searches, Klein said. While he said he doubts the searches will happen, the discussion "suggests we're in a new era here," he added.

Meanwhile, Trump and new Attorney General Jeff Sessions have both criticised tech companies' resistance to encryption backdoors, Klein noted. Both called on Apple to assist the FBI with unlocking a terrorism suspect's iPhone last year. Even if Congress doesn't pass encryption legislation, the Department of Justice could aggressively sue tech companies that refuse to break encryption, he said.

While Trump initially pushed for the cyber-security executive order, related issues now seem to be on the backburner in his administration as he focuses on a travel ban from Muslim-majority countries, building a border wall, and other issues, said Denise Zheng, director of the Technology Policy Program at the Center for Strategic and International Studies.

Drafts of the executive order assigned each cabinet official more responsibility for the safety of data within their agencies. Trump has also called for agencies to modernise their IT systems as a way to improve cyber-security.

One of the main cyber-security issues going forward is Russian hacking and its impact on the presidential election, but that's a "tough issue" for Trump to tackle, Zheng said.

Trump should focus on encouraging agencies and companies to share cyber-threat information and on modernising government IT systems, recommended Steve Grobman, CTO of Intel Security. The government's legacy IT systems "were not designed to make use of modern security best practices," he said.

To help with private-sector cyber-security, Trump should look for ways to expand cyber-security training programs, Grobman recommended.

And instead of regulations, Trump could look at tax breaks as a way to encourage companies to improve their cyber-security, he added. "Positive incentives, rather than punitive regulations, will help produce real results," he said.

Grobman also called on the Trump administration to resist any urges to require encryption backdoors in tech products. Encryption backdoors in devices may prompt criminals to move to other encryption technologies that device makers have no control over, he said.

"We need to test whether we're solving the problem with the solution that's being recommended," he added.

Computerworld

Tech Companies Oppose Trump’s Travel Ban:

Anonymous To Trump: You will ‘Regret’ Next 4 Years:

Trump Offers A Cyber Security Warning:

 

 

« Are Employees Your Weakest Link When It Comes To Security?
US Buys Mysterious ISIS Drone Killer »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

IT GRC Forum

IT GRC Forum

The IT GRC Forum is an online resource and networking platform for the Governance, Risk Management, and Compliance (GRC) community

Security Industry Association (SIA)

Security Industry Association (SIA)

The SIA's mission is to be a catalyst for success​ within the global security industry through information, insight and influence.

Cymbel

Cymbel

Cymbel provides businesses and government agencies with the tools and expertise they need to manage the most complex security and compliance challenges.

SecuTech Solutions

SecuTech Solutions

SecuTech is a global leader in providing strong authentication and software licensing management solutions.

Aricoma

Aricoma

Aricoma are Architects of Digital. We aim to become a major player in end-to-end IT services and digital transformation in Europe.

Genians

Genians

Genians provides the industry’s leading Network Access Control (NAC) solution, which ensures full visibility of all IP-enabled devices regardless of whether they are wired, wireless, or virtual.

DCX Technology

DCX Technology

Recognized as a leader in security services, DXC Technology help clients prevent potential attack pathways, reduce cyber risk and improve threat detection and incident response.

Innosphere Ventures

Innosphere Ventures

Innosphere Ventures is Colorado’s leading science and technology incubator, accelerating the success of high-impact startup and scaleup companies.

BoldCloud

BoldCloud

BoldCloud's award winning Cybersecurity Advisory services and Layered Security approach adds new critical layers of protection for your data and your business.

RIT Global Cybersecurity Institute

RIT Global Cybersecurity Institute

At RIT's Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

Avalanchio Technologies

Avalanchio Technologies

The Avalanchio platform gives you a complete solution to collect, process, and analyze security data to detect threats in real-time and analyze historical data using security DSL or SQL.

Cyrex

Cyrex

Cyrex is a Web3 security and development company. Our mastery over decentralized applications, smart contracts and blockchain will keep you secure across Web3.

ProvenRun

ProvenRun

ProvenRun is a leading provider of trusted software solutions with extensive expertise and an unwavering commitment to security.

Health Sector Cybersecurity Coordination Center (HC3)

Health Sector Cybersecurity Coordination Center (HC3)

HC3 was created by the US Department of Health and Human Services to aid in the protection of vital, controlled, healthcare-related information.

SecureFlag

SecureFlag

SecureFlag is dedicated to enhancing secure coding across all technical profiles within the Software Development Lifecycle.

Symbiotic Security

Symbiotic Security

Symbiotic Security revolutionizes code security by integrating an AI-driven security coach directly within developers' IDEs.