Cybersecurity staff and policy are slowly developing under the Trump administration. Will the new cyberarsenal match the tweeting rhetoric. Larry Jaffee enquires.
Less than three months into the Trump administration's topsy-turvy tenure, a cybersecurity staff is slowly taking shape. Besides a few high-profile appointments, including cybersecurity czar Rob Joyce, Joshua Steinman (one of Joyce's two principal deputies), and National Security Adviser H.R. McMaster, actual cyberwarfare or more general policy positions are not known.
The six cybersecurity wonks – five from beltway think tanks and one from an international organization with a vested interest – who spoke to SC are eagerly awaiting specifics beyond generalities.
“The draft executive order to my mind could have been written by President Obama, maybe not completely, but not with a lot of differences,” says Paul Rosenzweig, a visiting fellow with the conservative think tank, the Heritage Foundation, which has advised on much of the White House agenda but is not necessarily the lead adviser on cyber.
The EO was finally released on May 11. Much of the budget for cyber is classified budget for groups like the NSA,” says Rosenzweig, a former deputy assistant secretary for policy appointee in the Department of Homeland Security (DHS) under President George W. Bush, from 2005 until Jan. 20, 2009, when President Obama took office.
Rosenzweig's understanding that planned DHS expenditures for cyber within the National Preparedness and Protection Division, for example, are essentially “flat” at $700 million, the same level allocated by the Obama administration, but that's obviously one small piece of cyber expenditures made by the executive branch, with the Defense Department obviously commanding huge unknown sums for cyber.
Regarding staffing matters, to Rosenzweig's knowledge none of Heritage's cyber experts have gone to work for the administration. He also believes former New York City Mayor Rudolph Giuliani is still slated to chair a presidential commission on cybersecurity. (A call to confirm at Giuliani's law office in Manhattan wasn't returned.)
OUR EXPERTS: Policy
Daniel Castro, vice president, Information Technology and Innovation Foundation
What was surprising, the incoming administration did not take anyone among the political appointees on their offer to stay on board and try to be helpful, comments Michael Sulmeyer (right), cybersecurity project director of the Harvard Kennedy School. “So distrusting of the Obama staff were they that they figured it would be better to have no one,” he adds.
“We're waiting to see who they end up staffing up on cybersecurity issues, and to what extent such staff has influence outside of a national security angle,” says Daniel Castro, vice president of the Information Technology and Innovation Foundation, a Washington, D.C., think tank.
Castro's understanding is that the current executive branch didn't turn off cyber defenses, despite rolling back many other aspects of governing inherited from the previous administration.
“Will economic interests play a role or will it be driven purely by the military national security side, which seems to be dominating Trump's early appointees,” he asks, adding that was also a problem with the Obama administration.
Despite media reports to the contrary, civil servants working on cybersecurity – who were not political appointees – are not suffering from poor morale as the result of the new administration, according to James Scott, co-founder of the non-partisan think tank the Institute for Critical Infrastructure Technology (ICIT).
“I have not seen that at all from the senior intel people I talk with,” Scott says. “These guys are in the trenches working as hard as they did with the last administration,” he adds.