Euro Security Watch with Mathew J. Schwartz

Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Standards, Regulations & Compliance

10 Key Cyber Policy Questions as Trump Preps for Presidency

Burning Issues Include Russian Hacking, China's Hitting Critical Infrastructure
10 Key Cyber Policy Questions as Trump Preps for Presidency
Image: Shutterstock

With Donald Trump set to serve a second term as U.S. president, what are the likely outcomes for cybersecurity?

See Also: How Active Directory Security Drives Operational Resilience

"Protecting America's national security and promoting the prosperity of the American people are my top priorities," stated Trump's 2018 National Cyber Strategy.

What Trump's approach looks like in January 2025 and the continuity it shares - or doesn't - with Biden-era policies is unclear.

Four years since the end of Trump's last term, the cyber picture is in many ways markedly different.

In 2022, Russia launched an all-out war of conquest against Ukraine, accompanied by new cyberespionage and operations against NATO and the rise of drone warfare. China has shown increasingly bellicose ambitions for dominance over the South China Sea and Taiwan and has targeted Western critical infrastructure, including hacking Microsoft Exchange. Ransomware and other types of cybercrime have intensified, collectively accounting for billions in losses, not least due to the disruption they cause.

What happens next? Here are key cyber policy areas facing the second Trump administration.

  • Cybercrime: Business email compromise and ransomware attacks continue to disrupt numerous American businesses, and much of this activity traces back to Russia. How Trump will tackle the economic impact of this crime with its geopolitical origins in his next presidential tenure remains to be seen.
  • China: Trump has previously signaled strong dissatisfaction with Beijing's espionage campaigns, including the theft of U.S. industrial secrets. On the campaign trail, he threatened to impose additional tariffs on goods imported into the United States from China, but whether this might have a deterrence effect remains unclear.
  • Iran: From a cyber operations standpoint, Tehran remains one of the four major threats facing the U.S., and the country is behind two recent, major attacks against Israel as the Middle East remains on the brink of a more full-blown conflict.
  • Russia: President Joe Biden sanctioned Russia for its election interference and the SolarWinds attack that occurred on Trump's watch. Moscow continues to use cybercrime as a deniable asset for disrupting its adversaries. Previously, Trump downplayed Russia's cyber operations against the U.S. and attempted to forge closer ties with its autocratic leader, Vladimir Putin.
  • Disinformation: Russia hasn't stopped attempts to interfere in U.S. elections, including by flooding the web with disinformation and even calling in bomb hoaxes to polling stations. Will the second Trump administration continue the Departments of Justice and Homeland Security's efforts to combat this type of interference, lately also traced to China and Iran?
  • Regulations: The Biden administration openly pushed existing authorities to impose new cybersecurity requirements onto critical infrastructure - a project that met with mixed success in federal courts. Administration officials also suggested they might pursue cybersecurity legislation for critical infrastructure as a Democratic consensus coalesced around the conclusion that the mostly voluntary approach of the past decade failed to stem attacks. It's almost certain the next Trump administration won't look overly fondly at the prospect of new regulation.
  • SEC: In the past four years, the U.S. Securities and Exchange Commission has introduced a range of new cybersecurity rules, including requiring publicly traded firms to disclose material cybersecurity events, detail their cybersecurity strategies and notify affected consumers after incidents. If current SEC Chair Gary Gensler - appointed in 2021 by Biden to a five-year term - steps down, might the agency's enforcement priorities change?
  • CISA: Trump fired by tweet the first-ever head of the U.S. Cybersecurity and Infrastructure Security Agency, Chris Krebs, for stating that the 2020 presidential election was the safest in history. In the years since, Republicans voiced mounting suspicion over CISA, the size of its budget and its powers - although the crux of those attacks was over the agency's now-diminished role in countering disinformation. Cyberattacks against American firms remain more damaging than ever before. Experts say an open question is whether Trump might bolster CISA or let it languish.
  • Artificial intelligence: Biden in October published a National Security Memorandum on AI calling for robust adoption of AI across the government, backed by strong governance frameworks that govern "prohibited" and "high-risk" AI use cases. Whether or not Trump torpedoes some of those rules remains to be seen. He appears bullish on AI, saying in September he wanted to "quickly double our electric capacity, which will be needed to compete with China and other countries on artificial intelligence."
  • End-to-end encryption: Trump's prior attorney general, William Barr, repeatedly blasted tech firms for refusing to build backdoors into their end-to-end encrypted messaging platforms. While Barr isn't expected back, will Trump's new attorney general seek to mandate weak encryption for the masses?

Learning From History

In his first term, Trump earned a reputation for being disconnected from cyber issues and warring with key officials.

"President Trump's legacy on cyberspace policy has been consequential but not transformative, an unsurprising outcome for a one-term president," said David P. Fidler, senior fellow for global health and cybersecurity at the Council on Foreign Relations, an independent, nonpartisan think tank in Washington, at the close of Trump's first term.

In terms of offensive activities, cyber operations conducted by the Trump administration appear to have remained extremely tactical, said Joe Devanny, a lecturer at King's College London's Department of War Studies. "All the operations that have so far made it into the public domain have been specific, limited and clearly intended to be interpreted as a signal that the U.S. government was reacting to a particular act or pattern of behavior that it wanted to punish or deter," he said.

Whether the second Trump administration learns to tap cyber as a strategic geopolitical tool for combating the latest threats remains to be seen.



About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.asia, you agree to our use of cookies.