SC Media put a set of questions to cyber-security and privacy experts to assess Donald Trump's first month in the White House and to glean advice for the new president.
How is President Trump doing with his administration's policies on cyber-security and privacy?
Bill Anderson, CEO, OptioLabs: The only thing clear with the policy so far is that he's announced that they will review security issues. There is nothing specific about what will change. Computers are distinctly literal creatures: they will only do what you tell them to do if you speak very clearly in a language (code) they understand. Vague human political speech has no effect on the way computers are actually secured.
Adam Levin, chairman and founder, CyberScout, and the author of Swiped: While President Trump has made a number of cringe-worthy statements, in particular regarding his son's computer skills and 400-pound hackers, there has been leaked language on draft cyber-security executive orders that was in line with a number of recommendations from respected bipartisan experts. It's hard to know where this is going until we see the final copy, but if the education and training mentioned in the first leaked draft makes it into the final order that would be good news, along with a unified approach to cyber-security.
The appointment of Tom Bossert as Homeland Security Advisor may bode well here, too. He is experienced and solid on government security issues. It is hard to know how he will navigate the agenda of corporations versus consumer privacy.
Hitesh Sheth, president and CEO, Vectra Networks: In response to an executive order that leaked in February, this should still be a step in the right direction. We're long overdue for a revamp of the government's existing policies, such as the archaic Continuous Diagnostics and Mitigation program, and it appears that the executive order should help to do this. One of the order's remaining goals is placing more accountability on agency heads to keep their respective systems secure. This is a good step, and it's consistent with trends happening in the private sector.
We hope this will finally break the grip of various large consulting firms whose job it is to sell obsolete solutions that only encourage more spending on consulting services. Many government agencies we work with are dealing with ten-year-old technology that is incredibly out of date. What they're looking for now is to automate more of their critical security controls so they can react much more quickly to mitigate attacks as they're happening.
John Dickson (right), principal, Denim Group: It's too early to tell, but the Giuliani appointment was a positive step because it could elevate cyber-security within a Trump administration given Giuliani's profile and political stature. Also, it appears he is moving quickly to study cyber-security protections for federal government agencies, which needs a re-haul and continued executive focus.
Carson Sweet, co-founder/CTO, CloudPassage: President Trump isn't the guy to watch -- it's Tom Bossert. He's pretty balanced, which based on other Trump administration appointments seems almost uncharacteristic of the administration. The president has been pretty mum and the administration delayed issuing their cyber-security executive order -- I read both of these as a "cooler heads prevailing" situation, which is actually encouraging. The real test, though, will be when the orders come down to force data stewards to give up their charge to law enforcement.
Aaron Tantleff, partner, privacy, security & information management practice, Foley & Lardner LLP: Trump came into office making clear that cyber-security was going to be dealt with upfront, with an “immediate review of all US cyber-defences and vulnerabilities, including critical infrastructure.” However, a recently leaked executive order appears to be an attempt at slowing that down. The leaked draft of the executive order states that the US is only “committed” to “employing the full spectrum of capabilities to defend US interests in cyber-space; and identifying, disrupting and defeating malicious cyber actors.” It's unclear what that means or whether teams have already been assembled and looking at this issue. But on the surface, it sounds like someone is applying a little pressure to the breaks.
On the other hand, Trump's pick of Tom Bossert, for homeland security advisor is a positive sign. He is well regarded and level-headed, and in combination with the draft executive order, may be far less troubling to the private sector, which had been somewhat on guard as to potential implications and new regulations.