Trump Administration Cyber Policy Should Increase Collaboration, Set New Norms, Experts Say
President-elect Donald Trump's cybersecurity policy focus should be on increasing coordination between the federal government and private sector stakeholders, said government officials and policy experts during a Bipartisan Policy Center event Friday. Cybersecurity policy is seen as an area in which stakeholders perceive a likelihood that the incoming administration will take an active role in collaboration with Congress. That isn't likely to shift the U.S. cybersecurity policy approach away from the broad consensus seen during President Barack Obama's administration (see 1611090039).
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
House Oversight IT Subcommittee Chairman Will Hurd, R-Texas, said that he believes the Trump administration should actively continue and increase cross-pollination of government and private sector cybersecurity efforts. The public and private sectors have to “be working together” to effectively maintain U.S. national security interests online, Hurd said. He noted that House Oversight IT would continue to push for a “cyber National Guard” aimed at reducing the college costs of students looking to enter the cybersecurity workforce in exchange for a commitment to work in cyber jobs at federal agencies for a period of time after getting their degrees. Those students' shifts between the public and private sectors would improve both sides' ability to innovate on cybersecurity, Hurd said.
Increased public-private collaboration on cybersecurity must also extend to information sharing efforts, said former U.S. Deputy Attorney General Jamie Gorelick, now a WilmerHale lawyer. Despite the 2015 Cybersecurity Act (see 1512180052), there's continued hesitance to put the government and private sector “in the same room” on cybersecurity issues, Gorelick said. Such conversations also need to include the military because it could play an important role in domestic cyber protection, Gorelick said.
Hurd said he agrees that “we need to do better” on information sharing despite improvements evident following the act. He noted that the Department of Homeland Security's designation as the central civilian portal for information sharing has increased private sector sharing. That increase comes in part from the assurances that DHS will be able to facilitate information sharing while protecting Americans' civil liberties, he said. The increased role also has allowed the department to do vulnerability assessments for other federal agencies, Hurd said.
The University of California, Berkeley's Center for Long-Term Cybersecurity released cybersecurity policy recommendations Friday for the next administration, including a push for Trump to establish a Cyber Advanced Research Projects Agency. CARPA would be able to aggregate existing federal and Defense Advanced Research Projects Agency cybersecurity efforts. CLTC recommended Trump establish a cyber workforce incubator aimed at improving circulation of ideas between the federal government and tech sector firms. CLTC urged the Trump administration to establish a policy of “declarative deterrence” on cybersecurity in which the U.S. would set new norms for nation-state cyber behavior. CLTC also sought loan forgiveness or deferral of student loans for cybersecurity professionals.
The start of the administration will present an “opportunity to reset the playing field” on cybersecurity policy by establishing a new set of norms for behavior, said CLTC Faculty Director Steven Weber. The federal government needs to frame cybersecurity as a “shared societal defense problem” that requires increased buy-in from all stakeholders in the years ahead, Weber said. The government can improve consumers' participation in cybersecurity activities through a public awareness campaign that takes an approach to showing the nature of the problem similar to that used in previous campaigns to reduce smoking and increase recycling, Weber said.
Framing cybersecurity as a “notion of community values” will cause consumers to be thoughtful about improving the cybersecurity of their personal electronic devices, particularly the implementation of two-factor authentication and other heightened measures, Weber said. The anti-smoking and pro-recycling campaigns fundamentally changed norms by showing them as ways to “make a difference,” particularly when children pointed out the issue to their parents, CLTC Executive Director Betsy Cooper said.