Things appear to be adrift at the White House, Scott says. “They're just embroiled in so much controversy,” he adds, citing the lingering Russian investigation.
By denying the Russians hacking and manipulating the presidential election, the Trump administration made cybersecurity strategy political when it should remain nonpartisan, says Sulmeyer.
“It's hard to push forward a cybersecurity program if you're not going to take a tough stance on Russia,” Castro says.
While there hasn't been any major cybersecurity events that forced the Trump administration to take a position, “we're sort of in a holding pattern to see what the administration will do,” says Castro, noting the White House cultivates “unpredictability” to all matters, especially when dealing with the media, just adding to the overall uncertainty.
“If there was an immediate threat that the U.S. needed to respond to, you want people in the room who have already thought through these issues, and have formulated what the administration's policy will be. It's very easy to get this wrong,” Castro notes. For example, responding to an attack without proper evidence, or escalating an attack, “there are just so many things that can go wrong. You want an administration that has plans on the books of what to do.”
Scenarios involving low-to-mid-level attacks still might not warrant a response, or be critical enough to show your hand. However, addressing a major nation-state cyberattack amid uncertainty appears to be a recipe for disaster.
It's not necessarily a bad thing taking time in formulating a policy position, believes Sulmeyer, “as opposed to firing one out there after no consultation.”
Continuing animosity and mistrust between the president and the intelligence community – whether information being fed is correct and not politically motivated – doesn't instill cooperation among parties that generally need to be on the same page to be adequately prepared for a crisis.
“I think Congress will probably play a greater role in this space, there's oversight,” Castro says. “Congress has been engaged on these issues, and are able to get those intelligence briefings and communicate on the validity of responses.”
Apart from waiting for the White House's lead, Scott notes federal agencies are more focused than ever sharing cyberthreat information.
Furthermore, such cooperation within not only the government but also the private sector is necessary in today's attack-ridden climate to protect national interests, such as the power grid.
However, Trump's “America First” motto should lead to “a visceral reaction that we should keep to ourselves anything that gives the U.S. an advantage,” as opposed to forging alliances, anticipates Castro.
The North Atlantic Treaty Organization (NATO) is concerned how the tough talk out of the White House can shape cyber policy, according to Kenneth Geers, senior research scientist at Comodo, and ambassador, NATO Cyber Centre. Everybody at NATO, he says, is still in shock at the advent of Trump. He's also concerned about recent examples showing incompetence in State Department matters, for example.
Scott says the cyber professionals who his organization, ICIT, deals with at NATO, EU and U.K., are “cautiously optimistic,” hoping for the best from a policy perspective.
Heritage Foundation cyber research associate Riley Walters says anticipates potential legislation on increased cooperation with international partners, such as Great Britain, Japan and South Korea. “Maybe something with NATO, perhaps,” Walters adds.
Regarding any Trump policy surrounding cyberwarfare, Walters notes, “It's always good to make sure you have the best cyber capabilities in your arsenal,” notes Walters. “Whether we're actually using them, hopefully not, but you should not restrict yourself, I suppose.”
Geers, editor of the books Cyber War in Perspective and The Virtual Battlefield, points out cyberattacks today will precede any kind of military strike of significance. His point jibes with New York Times reporter David Sanger recently talking to NPR about the Obama administration quietly waging an “active cyber war” with North Korea to ward off its nuclear weapon capability.
“A tank, a plane or a ship, especially in a military context, is vulnerable to a wide range of attacks, sometimes even more so because they're bristling with communications,” notes Geers, who's also a senior fellow at the Atlantic Council.