Straw Into Gold

By Phil Reitinger

The election of Donald Trump as the 45th President opens up a set of unknowns for cybersecurity policy.  The information provided by the campaign’s website is somewhat generic, although indicative of a focus on cyber offense and increasing the role of the US Department of Defense.

What, then, should the future President Trump’s initial cybersecurity focus be?  That is a complicated question and many will make recommendations.  But while the question is complicated, the answer I think is simple – creating a national consensus for action.

I and others have pointed out that the US national rhetoric on cybersecurity doesn’t line up with its actions.   Cybersecurity is called the most significant, or second most significant (behind terrorism), national security issue the US faces.  The US has made progress, including passing legislation to increase information sharing and developing a framework for analyzing cybersecurity defenses.  But every year, the cybersecurity situation grows worse.

Rapid, concrete action is required.  Achieving that will be difficult for a President both likely to avoid regulatory requirements for cybersecurity, and unlikely to devote substantial additional resources that would increase the size of the government budget.  President-Elect Trump’s platform makes clear that the role of the US Department of Defense will grow, “enhancing U.S. Cyber Command, with a focus on both offense and defense in the cyber domain.”  But even that vaunted agency lacks a magic wand, and the most potent offense in the world cannot defend against an increasingly distributed and capable adversary (consider the lesson of terrorism).

With a lessened set of means to improve cyber defense broadly, the new President will need to spin straw into gold, creating a national consensus for action that actually drives widespread steps to increase national cybersecurity.  That’s a tall order, tried by every Administration this century, with only limited success.  However, with consensus for action, “voluntary” mechanisms that have been off the table – such as liability limitations for the victims of attack who meet cybersecurity standards – could be back on it.  In short, the President must rapidly build that national consensus and quickly pivot that consensus into action.  No more admiring the problem, please.

The author, Phil Reitinger, is the President and CEO of the Global Cyber AllianceYou can follow him on Twitter @CarpeDiemCyber.