As Donald Trump prepares to assume the presidency, cybersecurity strategy should be high on his priority list. Time is of the essence, as those who want to cause harm are not taking a hiatus as our country moves through this massive transition of power.
To ensure the safety of our country, our citizens, and the operation of our financial and critical infrastructure, I strongly recommend President-Elect Trump support the Cybersecurity National Action Plan (CNAP) enacted by President Obama in February 2016.
CNAP is a comprehensive, bi-partisan plan that contains many critical elements that can be further evolved across Trump’s presidency. For example, it champions responsible nation-state behaviors and codes-of-conduct around the use of offensive cyber capabilities.
Specifically, as part of the CNAP, bi-partisan congressional leadership appointed members to the Commission on Enhancing National Cybersecurity in April 2016. This 12-person advisory panel is comprised of highly-experienced leaders from a cross-section of public, private, and educational sectors—such as the former CEO of IBM, the prior chief security officer of Facebook, and the prior director of the National Security Agency. This is an insightful and seasoned panel of advisors that Trump and his administration would be wise to engage with and learn from prior to assuming his presidency.
CNAP also expanded investment in the U.S. Cyber Command to ensure the full operational target is realized by 2018. The reality is that cyberspace is the fifth dimension of war (land, sea, air, and space being the other four), and the U.S. must be well prepared to leverage and defend this dimension when called upon.
Trump should ensure that the establishment of the full U.S. Cyber Command is on track and other related Department of Defense institutions and capabilities are appropriately funded and supported. The U.S. must be at the razor’s edge in terms of modern cyber warfare offensive and defensive capabilities.
As Trump assumes his presidency, cybersecurity has never been more important to our nation’s economic and national security interests. His go-forward strategy with the CNAP should address three primary risks:
- Critical infrastructure: The specter of a rogue nation or terrorist organization using cyber to attack and bring down U.S. critical infrastructure—specifically the energy grid—is no longer a theoretical threat. A devastating attack is not only possible; it’s rapidly becoming more probable. Securing our country’s critical infrastructure is a strategy imperative.
- Industrial espionage: Billions of dollars in intellectual property is being stolen every year by national state threat actors targeting U.S. corporations, universities, and defense contractors. These activities weaken our national defense and dull our strategic edge across broad economic sectors.
- Cyber crime economic tax: The impact of cyber-crime on U.S. corporations and citizens is enormous. If the current trend of cyber-crime is not leveled out and reduced, it will place an economic burden on U.S. companies and citizens that could have a debilitating long-term impact.
Finally, as written, the Cybersecurity National Action Plan’s recommendations will further both national and global cybersecurity interests. Specifics that Trump should stand behind include:
- Increasing the 2017 federal cybersecurity budget to better secure our nation’s agencies and interests.
- Modernizing critical government IT infrastructure to ensure that it’s less vulnerable to cyber-attacks.
- Enabling critical infrastructure security improvements through investment in DHS programs and advisory services, including establishment of a National Center for Cybersecurity Resilience.
- Creating a national cybersecurity assurance program to test and certify the security of IoT devices, which could deflect incidents such as the October DDoS attack that left millions of users unable to reach some of the biggest sites on the web.
- Requiring agencies to conduct risk assessments to identify and prioritize the protection of highest-value and most at-risk IT assets and data.
- Supporting the development of a more secure internet at an infrastructure layer (e.g., protocols).
- Championing responsible nation-state behaviors and codes-of-conduct around the use of offensive cyber capabilities.
President-Elect Trump has numerous functions, posts, and decisions to make. I strongly encourage him to allow the strategic, bi-partisan work done on cybersecurity by the previous administration to move forward. We, as a nation, cannot afford even a millimeter of retreat—or undoing of momentum—on this critical new dimension of national security.