With every new presidential administration comes a new approach to federal policy—and this includes new approaches to cybersecurity protections. In the wake of the January inauguration, the question on many cybersecurity experts’ minds is: what should we expect from the Trump administration? Will previous strategies continue to be employed, or will there be wholesale changes? We can expect, for example, that the new administration will reject Biden’s regulations of the private sector, but with cybersecurity being a largely bipartisan issue, there remains a question of whether a desire to protect American assets will drive a more stringent approach to other areas of cybersecurity.
Unfortunately, early returns suggest that less will be more for the new administration. One controversial move involves the disbanding of the Cyber Safety Review Board (CSRB), an advisory committee that was responsible for analyzing major cyber incidents and recommending strategies to strengthen public and private sector defenses. For example, before its disbanding, the CSRB was investigating a series of cyberattacks by a threat actor termed Salt Typhoon (believed to originate with the Chinese state), including an attack that managed to compromise the infrastructure of U.S. telecommunication and internet service provider companies.
Several Cybersecurity and Infrastructure Security Agency (CISA) workers, who previously served in the Election Security and Resilience division, have also been put on administrative leave. Although some previously worked to counteract foreign misinformation attacks on American citizens, others worked with state and local governments to protect their election processes from cyberattacks. This is notable because, currently, there have been no nominations to replace the outgoing CISA Director, nor have there been any nominations for other cybersecurity roles. With members of the new administration asserting that the CISA has strayed “far off mission,” there is a worry that, perhaps, cybersecurity roles will be deemphasized across the board for President Trump and his team.
With North Korea, China, and other foreign nations serving as significant cybersecurity threats, it remains to be seen how the Trump administration will respond. What we do know is, whether it is the continuation of Salt Typhoon attacks or new threat actors, the United States will face additional cybersecurity attacks. The question is merely a matter of when.