Trump's Top Cybersecurity Advisors Resign

Several members of the National Infrastructure Advisory Council (NIAC), a Homeland Security advisory body, resigned recently.

An unsigned resignation letter obtained by Nextgov gives several reasons for the resignation, including the Trump administration's lack of attentiveness to critical infrastructure and President Trump's recent comments in the wake of unrest in Charlottesville.

Image: Gage Skidmore

The NIAC's role is to advise the president, through the Department of Homeland Security (DHS), on "the security of the critical infrastructure sectors and their information systems."

A majority of security analysts say the US is likely to suffer a cyber-attack targeting infrastructure in the next two years, making the NIAC's role a critical one. Eight members of the 28-member council resigned, which should be enough to make any security professional concerned for the security of US infrastructure.

Why the NIAC Members Resigned

The resignation letter lists several reasons why the writers stepped down from the NIAC, some moral and some infrastructure-related.

On the moral side of things, the letter says the Trump administration has undermined the "moral infrastructure of the US" through Trump's remarks on Charlottesville, echoing the motivation behind a large group of business leaders leaving other Trump administration positions.

Infrastructure concerns were the primary issues stated, namely that the Trump administration "has not demonstrated that it is adequately attentive to the pressing national security matters within the NIAC's purview, or responsive to sound advice received from experts and advisors on these matters."

The letter further cites leaving the Paris Climate Accord, the revocation of flood-risk building standards, and ignoring the effects of climate change as risks to both physical and informational infrastructure.

A look into the State of Cyber-Security readiness

The resignations, which came one day before the release of an NIAC report on cybersecurity readiness, and the letter that accompanied them tilted toward moral indignation, but that indignation is simply part of the core problem the resignees reported: The administration isn't listening to the NIAC or other cyber-security professionals.

The timing of the resignations and the release of the NIAC report may well be coincidental, but that doesn't change the report's pessimistic tone, the report even says that interviews with government and industry security professionals was "an echo chamber, loudly reverberating what needs to be done to secure critical US infrastructure against aggressive and targeted cyber-attacks."

If properly harnessed, the report goes on, the cyber-security resources in the United States could be effective in preventing a large-scale attack, but harnessing them has been the problem thus far.

If those who resigned are correct in their assessment that the administration is largely ignoring, and even undermining, national cybersecurity efforts, we're in for a "watershed, 9/11-level cyber-attack," and the window we have to prevent it is closing.

With such an imminent threat on the horizon it's disheartening, even downright alarming, to see those who have the know-how to prevent it walking away in frustration. Moral indignation or not, these resignations should make us all nervous.

Top 3 Conclusions:

  1. Several members of the National Infrastructure Advisory Council resigned recently, citing dissatisfaction with the Trump administration's lack of attentiveness to national cyber-security threats.
  2. The resignations came a day before the release of an NIAC report on the state of US government cyber-security. The report says that all the necessary pieces are present, but that the government is falling short of using existing tools effectively.
  3. The resignations, followed by the report, should make anyone with an interest in cyber-security nervous: Even federal government-level experts are walking away in frustration at administration inaction.

TechRepublic:

You Might Also Read: 

Loss Of Cyber Expertise Is A Problem For Trump:

Trump Signs Cybersecurity Order:

 

« AI Attacks Are Just Around The Corner
Businesses Need Cyber Insurance – Now! »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Information Security Media Group (ISMG)

Information Security Media Group (ISMG)

Information Security Media Group is the world’s largest media organization devoted solely to information security and risk management.

OneLogin

OneLogin

OneLogin simplifies identity management with secure, one-click access,for employees, customers and partners, through all device types, to all enterprise cloud and on-premise applications.

Backup Technology

Backup Technology

Backup Technology is a world leader in the Online Cloud Backup, Disaster Recovery and Business Continuity market.

EC-Council

EC-Council

EC-Council is a member-based organization that certifies individuals in various e-business and information security skills.

Japan Information Security Audit Association (JASA)

Japan Information Security Audit Association (JASA)

JASA is non-profit association active in developing and managing the quality of Information Security Auditing and Auditors in Japan.

Igloo Security

Igloo Security

Igloo Security is a leader and pioneer in SIEM (Security Information & Event Management), PSIM (Physical Security Information Management) and MSS (Managed Security Services).

PerimeterX

PerimeterX

PerimeterX is the leading provider of solutions that secure digital businesses against automated fraud and client-side attacks.

Cyber Security Audit Corp (C3SA)

Cyber Security Audit Corp (C3SA)

C3SA specializes in architecting, operating, managing and improving defensible and resilient IT infrastructures for Canada's public and private sectors.

ReFirm Labs

ReFirm Labs

ReFirm Labs provides the tools you need for firmware security, vetting, analysis and continuous IoT security monitoring.

DataDome

DataDome

DataDome offers real-time AI protection against all OWASP automated threats, including credential stuffing, layer 7 DDoS attacks, SQL injection & intensive scraping.

KETS Quantum Security

KETS Quantum Security

KETS harnesses the properties of quantum mechanics to solve challenging problems in randomness generation and secure key distribution and enable ultra secure communications.

Uptime Institute

Uptime Institute

Uptime Institute is an unbiased advisory organization focused on improving the performance, efficiency, and reliability of business critical infrastructure.

Togggle

Togggle

Togggle offers seamless identity verification solutions and distributed infrastructure, enabling organizations to combat fraud and ensure compliance with data protection regulations.

NVISO Security

NVISO Security

NVISO is a pure-play cyber security consulting firm, focused mainly on the Financial Sector, the Technology Sector, and Government & Critical Infrastructure.

Dryad Global

Dryad Global

Dryad Global offers a comprehensive suite of maritime intelligence solutions, including a best-in-class situational awareness, planning and security system and industry-leading cyber protection tools.

When Group

When Group

World Health Energy Holdings, Inc. (d/b/a WHEN Group) is a High Tech Holding Company that specializes in the Cyber, Security and Telecom area.