What Will Cybersecurity Look Like Under Trump 2.0?
Table Of Contents:
Next week is a pivotal point in the U.S. as a new administration enters the White House. Its head, Donald Trump, is known for his commitment to disrupt the status quo, meaning that we should be prepared for some drastic policy changes from January 20 onward. What does that mean for cybersecurity?
One measure that seems likely under the new Trump administration is a focus on aggressive action. During the new president’s first go-around, he introduced the National Security Presidential Memorandum (NSPM) 13, which streamlined the authorisation of the Department of Defense to plan and execute offensive cyber actions. The Biden administration tempered this memorandum in a revision that gave the State Department slightly more oversight over the Pentagon’s efforts, including a dispute resolution process – but not as much as it would like.
The new administration will likely continue to give the DoD more freedom to mount offensive cyber operations, continuing this ‘defend forward’ policy. This might also gain more traction under Trump’s recently appointed national security adviser, Mike Walz. Walz, who will coordinate national security activities between agencies, has a hawkish attitude towards China, which reflects Trump’s own.
“We expect an aggressive posture towards Chinese economic espionage, particularly in advanced tech sectors,” warns Alixia Clarisse Rutayisire, a geopolitical analyst with threat intelligence and risk management company QuoIntelligence, in her study of what the second term holds for cybersecurity. The same applies to Iran, which she recalls hacked the Trump campaign.
An Emphasis On Deregulation
While the new administration is likely to take an aggressive stand on some cybersecurity issues, the president-elect has also promised not just a hands-off approach to regulation but “the most aggressive regulatory reduction” in history.
This rollback, which promises to unravel some of the previous administration’s policies, will likely trickle through to businesses in the form of a switch in regulatory focus. The SEC, for example, introduced strong regulations around cybersecurity incident disclosures. It might not be as willing to enforce these reporting requirements as strongly in a new political environment with new agency leadership.
Some other regulatory rules that are still in development might also be narrowed. In 2022, Congress passed the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). The legislation required the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to create rules that would hold critical infrastructure organisations more accountable for their own cybersecurity.
CISA’s proposed rule, published last April, drew ire from many conservative commentators who felt the agency had overstepped its powers. The final rule isn’t due for publication until later this year, well into the second Trump presidency. Given his known disdain for regulation that affects businesses, its fate in its current form remains unclear. The final rule could be substantially thinned down.
Repealing AI Governance
While we’ll have to see how Trump’s policies play out in these areas, the GOP has been far more transparent on some other Biden-era moves, especially regarding AI. It wants to undo Biden’s October 2023 Executive Order on AI, which promised stricter governance of AI in the private and public sectors.
“We will repeal Joe Biden’s dangerous Executive Order that hinders AI innovation and imposes radical leftwing ideas on the development of this technology,” the party said in its 2024 platform document. “In its place, Republicans support AI development rooted in free speech and human flourishing.”
Other broad efforts are also likely to change under a Trump government, notably the effort to fight disinformation. Trump promised to stamp out the labelling of disinformation or misinformation in 2022, under what he called an anti-censorship move, in December 2022. Elon Musk, owner of X, is already a strong ally of Trump’s and has disavowed the censoring of information that he personally favours on his platform. Facebook fired its fact-checkers and loosened its restrictions on posted content after founder Mark Zuckerberg met with Trump post-election.
The Threat To CISA
CISA, originally created by the Trump administration in 2018, expanded its efforts into fighting disinformation after the 2020 election, pulling back when a Supreme Court case prevented it from asking social media platforms to take down posts. Its disinformation-fighting efforts are unlikely to expand under a Trump government. In fact, the new head of the Senate Homeland Security Committee, Rand Paul, has expressed a strong wish to curtail its powers, if not eliminate it altogether.
While CISA’s high-ups fret about its future mandate, at least one creation will likely stay in place: the Cybersecurity Maturity Model Certification (CMMC). This regulation, relaunched in simplified form in December 2023, is a Trump creation. However, it isn’t out of the question that the measure could be further slimmed down under an aggressively anti-regulatory Trump 2.0 government.
Much of this is still informed conjecture, as no one really knows how many of its promises a Trump administration will follow through on. Before taking office, the president-elect and his senior officials have spoken seriously about everything from buying Greenland to reclaiming the Panama Canal and even annexing Canada.
Keep Calm And Carry On
Steve Durbin, chief executive of the Information Security Forum, says businesses should follow core cybersecurity values while we wait to see how policies form in the new administration.
“I don’t actually think it matters which government you have in place,” he said on a recent ISF podcast. “Businesses need to do much more in that space because the pace at which cyber threats continue to increase is speeding up. It’s not going to get any easier.”
One thing, at least, is guaranteed: In spite of an unpredictable administration, cybersecurity will remain a core issue and likely draw bipartisan support. What will warrant close attention is how the new leadership navigates specific policies in the next four years.
