Close Close

Regulation and Compliance > Cybersecurity

In Trump Policy Uncertainty, Clarity on Cybersecurity Positions

Your article was successfully shared with the contacts you provided.

Predicting how Republican President-elect Donald Trump will govern on a range of issues from transportation to taxation can seem an unavailing exercise in speculation.

Yet despite still-vague policy positions, how a Trump administration would handle privacy and cybersecurity matters is one area that can be better deciphered than most, especially given how Trump has campaigned in the 2016 election and the advisers with which he surrounds himself.

Since Trump positioned himself as the “law and order” candidate during the election, and admitted in December 2015 that the United States would ”err on the side of security” once in office, for example, most experts expect him to take a hawkish stance on matters affecting law enforcement and national security.

“My perception is that Trump is very pro-law enforcement, which is also seen in some of his [advisers] like Rudy Giuliani,” said Darren Hayes, director of cybersecurity and an assistant professor at Pace University in New York.

Hayes sees Trump as “supporting the government in its discussion with securing help from Apple to get access to iPhones and [from] other companies like Google in getting access to Android devices to help with law enforcement investigations.”

And Hayes is far from the only one expecting the president-elect to tip the scales in the debate over whether technology providers can design and encrypt devices to circumvent law enforcement and government access.

Lisa Sotto, managing partner and chair of the global privacy and cybersecurity practice at Hunton & Williams, for example, predicted, “A Trump administration will be less patient with privacy advocacy groups with respect to pushing their agenda to override security initiatives. I think security really will take a front seat to privacy.”

Christopher Dore, partner at Edelson, also saw as a likelihood that with Trump at the helm of a Republican Congress, the government will seek to “get more access both internationally and domestically” from private companies for pertinent information affecting national security. The team will likely “use the weight of the federal government to have access and control over that information,” he said.

(Related: Treasury’s Financial Crimes Unit Releases Cyber Guidance)

Dore also did not expect Trump to sway far from the decades-long support the National Security Administration has received for its surveillance program from prior administrations.

“The Obama administration and the Bush administration before that form a government level that has focused heavily on allowing government surveillance to exist on some level, they have very strong interest in that,” he said, adding that he doubts such programs will face drastic changes under a Trump administration.

Private-Sector Cybersecurity

While privacy and cybersecurity experts are betting a Trump administration will increase pressure on the private sector to cooperate in security matters, they see little action from the post-election government on regulating enterprise cybersecurity in the near future.

“I think one thing we can probably likely rely on from both Trump and a Republican Congress is the lack of regulation in the privacy space as it applies to business and consumers, [even though] we presently are on the precipice of likely environment for legislation to be passed at both the state and federal level,” Dore said.

Trump’s position on this issue is unique, however, given his own companies’ exposure to the challenging cybersecurity situation U.S. businesses have faced in recent years.

(Related: Your Biggest Cybersecurity Threat? Your Employees)

“As we know, corporations have been under fire for the last several years with respect to cybersecurity issues, and the Trump Organization was certainly not exempt,” Sotto said.

But Dore noted that Trump’s private-sector experience with cybersecurity is less than reassuring for those looking for more cybersecurity guidance from the federal government.

“His track record in the private sector on data security is frankly terrible: His hotels have been hacked more than once , and even just in the last month there was revelations about security vulnerabilities in his email systems .”

Dore called Trump’s business experience “not a strong endorsement of how he will enforce or increase cybersecurity at the government level,” adding that Trump “is unlikely to be a person who is going to step into the private sector from the government and say these are the standards you have to follow.”

Business experience or not, however, many experts agree there is a lot Trump will need to learn concerning privacy and cybersecurity matters affecting the nation.

“I think he is going to need to get better educated and bring a more sophisticated understanding of cybersecurity issues to the position, because the problems he is going to face is not just credit cards being stolen from retailers, but instead enormously sophisticated cyberattacks by nation-state actors.”

How Trump responds to cyberespionage and nation-state attacks, though, is causing some apprehension given his actions during the election, such as his call for Russia to hack into Hillary Clinton’s emails.

Dore, for example, saw a possibility Trump will abuse cyberwarfare and surveillance tools, as well as cyberattack situations, to retaliate against his detractors. He called this a “fair concern based on the manner which he has conducted himself during the campaign.”

Hayes, however, said that such a situation is unlikely given that Trump will likely lean on advisers to handle cybersecurity issues, and he may eventually come to understand the need to responsibly manage cybersecurity and defenses “once he gets access to more classified information and sees the [volume of] attacks that occur in a daily basis against the Department of Homeland Security and other agencies.”

Such experiences, after all, may expose Trump to the consequences and challenges of deploying the digital arsenal of the U.S. government.

“Cyber weapons are very powerful, and we need to use them very carefully, because they can be turned to our advantage or to our disadvantage very easily,” Sotto said. “So these are not weapons to be trifled with, and to the extent Trump chooses to use a cyber weapon proactively, he can be pretty sure that that same weapon will be used [in retaliation] in unforeseeable ways later on.”

— Read Can Trump, GOP Stop DOL Rule? Not Likely on ThinkAdvisor’s TechCenter.