Cybersecurity in Flux as Trump Administration Pushes Change, Experts Say
The Trump administration has so far raised many questions about its approach to tackling cybersecurity, former acting NTIA Administrator Evelyn Remaley said during a USTelecom webinar Tuesday. Other experts said the administration is mostly on the right track, though they conceded its policies remain a work in progress.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
One big concern is “the flux in leadership and staffing, the DOGEing, if you will, which has been underway at many of the agencies and the impact that that is having,” Remaley said, referring to the Department of Government Efficiency, which President Donald Trump established to spearhead sometimes massive staff cuts at federal agencies. In addition, confirmations have been "slow." Cybersecurity “has always been a team sport,” but much of the current policy is in transition, she noted.
The NSA is under acting leadership, and the Cybersecurity and Infrastructure Security Agency and the National Security Council have seen staff reductions, said Remaley, who now works at Wilkinson Barker. “We’ve just seen a complete reorganization at [the State Department] in terms of their cyber team,” she added. “There’s still a lot that we don’t know yet as leadership comes into place” and decisions are being made by a smaller group of principals.
The Trump administration is putting significant emphasis on the threat from China, and everything related to national security “is really being filtered through that lens,” Remaley said. “We’re seeing that impact supply-chain policy, cyber policy, what many of the agencies are doing.” Trump’s focus on tariffs and trade is also an important dynamic behind most policy calls, she said.
Moreover, the administration is moving away from public-private partnerships on security, which have been around since the early 1960s and the Cuban missile crisis, Remaley said. They’re “relooking” at all such relationships and shifting more policy to the states, which “is having a huge impact.”
Robert Mayer, senior vice president of cybersecurity and innovation at USTelecom, had a more positive perspective, though he agreed that policies are evolving. “We’re off to a promising start, but there are still a lot of questions to be answered,” he said. “We are in a moment of flux.” One unknown is the future of the Critical Infrastructure Partnership Advisory Council, he said. “We’re hoping that that will be restored.”
Mayer said that under the Trump administration, industry is seeing less emphasis on compliance with federal rules and more focus on “reducing risks based on real-world threats.” The administration wants to cut “burdensome regulations” and “free up resources for threat defense.”
“I think we can all agree that we need policies that enable our security teams to be agile and focus on the threat and not paperwork,” Mayer said. He pointed to some of Trump’s nominees, such as Sean Plankey as director of CISA, who have real-world experience in security. Sean Cairncross, Trump's nominee for national cyber director, has strong managerial experience, he added.
A March executive order on Achieving Efficiency Through State and Local Preparedness shifted focus from “an all-hazards approach to what they call a risk-informed approach,” Mayer said. “Working with industry and collaboration early … is absolutely vital.”
Allan Reiter, director of technology at Nex-Tech, agreed that much remains in flux during the early days of the new administration. His company needs to be able to “respond to the daily cybersecurity threats that we see and the daily reported vulnerabilities,” he said, adding that collaboration is critical.
Small carriers struggle to keep up with federal security advisories, Reiter said. The biggest challenge is focusing on the “highest” vulnerabilities and addressing them as quickly as possible, he said. A national risk registry “could help in this battle.”
Kathryn Condello, a fellow at Lumen, said the provider’s top concern is making sure federal staff cuts don’t limit “engagement” with agencies. Lumen is also looking to formalize “what our cyber information sharing and collaboration protocols are within the sector.”
The March executive order puts more focus on the states, and “I’m not sure how that will play out,” Condello said. What’s more important is that the order seeks to review and modify “foundational policies and procedures … that have been in place in some cases for more than 25 years.” Those are the policies “upon which we’ve built our practices,” she noted.
Remaley said the “worst-case scenario” is companies dealing with 50-plus different plans for cyber response. “That is just not sustainable,” she said. “The internet is globally connected. One vulnerability in one place has an impact on the entire network.”