Trump on Cybersecurity – Where’s the Beef?

As the dust settles on Donald Trump’s extraordinary ascent to the White House, what do we know of his plans for cybersecurity? I’ve been speaking to a variety of experts for an upcoming Infosecurity Magazine feature and, believe it or not, the majority are not particularly optimistic of the future.

His official website, outlining the Trump ‘vision’ for cybersecurity, focuses on some easy wins:

• An immediate review of critical infrastructure and federal cyber “defences and vulnerabilities” by a Cyber Review Team comprised of members of the military, law enforcement and private sector
• The same team to establish “protocols and mandatory awareness training” for all federal employees
• DoJ to create Joint Task Forces to co-ordinate federal, state and local law enforcement cybersecurity responses
• Defence secretary to make recommendations on enhancing US Cyber Command
• Development of offensive cyber capabilities

Doug Henkin, litigation partner at Baker Botts, said the focus on awareness raising is a positive.

“This appears to be a good development for setting a positive tone to lead from above with respect to best practices for protecting against cybersecurity threats and is also essential for corporations seeking to ensure good cybersecurity preparedness,” he argued.

“It is essential to increase training as the new administration has recognised, while also remaining vigilant to how cyber attacks occur.”

That’s pretty much where the good news ends.

It might be too early to judge president-elect Trump on his cybersecurity credentials. But it must be remembered that, despite his bluster over ‘Crooked Hillary’ and her email blunder, his businesses were found to be a whole lot worse when it comes to security. Independent researcher Kevin Beaumont scanned publicly available records last month and found many of Trump organizations’ messaging servers are running the no-longer supported Windows Server 2003 and Internet Information Server (IIS) 6. He also found 2FA unsupported, meaning user accounts are vulnerable to password phishing or brute force attacks.

What’s more, as a briefing document from think tank the Information Technology and Innovation Foundation (ITIF) tells us, Trump has promised in the past to apply tariffs against China if it “fails to stop illegal activities” and to “adopt a zero tolerance policy on intellectual property theft.”

Given what we know about China, this is a dangerous game to play. Beijing will continue to pretend it is abiding by the agreement between presidents Obama and Xi to stop state-sponsored economic cybercrime.  And that could lead to heavy reciprocal penalties on US tech firms in China, such as Apple. The state-backed Global Times has already warned China will adopt a tit-for-tat approach if Trump plays it tough.

Silicon Valley scares

Trump’s election is also a disaster for Silicon Valley. The former reality TV star has expressed support in the past for the FBI’s stance in trying to force Apple into building a backdoor to unlock the San Bernardino shooter’s phone. He even called for a ban on Apple products in response to the firm’s refusal to do so. We can therefore expect more pressure on them to undermine encryption, which would be a disaster for businesses and consumers everywhere, as well as the American tech firms themselves.

As if that weren’t enough, he’s also a big fan of the Patriot Act and will inherit a fearsome surveillance apparatus from Obama. The Democrat is already being blamed for failing to overhaul the huge encroachment on civil liberties enacted by the Bush administration. Writing in the Guardian, Freedom of the Press Foundation executive director, Trevor Timm, had this:

“What horrors are in store for us during the reign of President Trump is anyone’s guess, but he will have all the tools at his disposal to wreak havoc on our rights here at home and countless lives of those abroad. We should have seen this coming, and we should have put in place the safeguards to limit the damage.”

Let’s hope he surprises us all.