A blog of the Science and Technology Innovation Program
With the incoming Trump Administration will come a new wave of cyber policy. Looking at possible returning cyber experts can share some insight into what one could expect in the next administration.
With the incoming Trump administration, changes to the United States鈥 cyber policy and priorities can be expected. While speculation remains around who will be nominated for the top cyber positions within the federal government, looking at , particularly at likely returning experts, can lend some perspective on what policy priorities may emerge. Additionally, drawing on cyber policy and directives from the first Trump administration can help shed light on what direction the incoming administration will take. Below are themes that are likely to guide the next administration鈥檚 cyber strategy.
During Trump鈥檚 first administration, cyber workforce development was a top priority, as evidenced by the and the. Many of the names floating around for different cyber positions are staunch supporters of cyber workforce development who backed these initiatives in the last Trump administration, like former National Director of the Karen Evans and former Principal Assistant Secretary for the Office of Cybersecurity, Energy Security and Emergency Response (CESAR) Sean Plankey. It鈥檚 likely that many of the names seemingly up for consideration will prioritize the cyber workforce regardless of which position they are appointed.
While the Biden administration continued to prioritize cyber workforce development following Trump鈥檚 first administration, the potential cyber nominees may indicate a shift in strategy鈥搒pecifically to a heightened focus on operational technology (OT) cybersecurity workforce development. During Trump鈥檚 first presidency, CESAR expanded , a training program to secure industrial control systems (ICS), from. Additionally, CESAR created the fellowship in 2020 to provide OT security managers training on various cyber threats in the energy sector, creating 鈥渁 pipeline from OT engineers to OT cyber professionals鈥 as described by Plankey, who is as a major catalyst for its creation. With the potential return of Plankey and other OT cybersecurity advocates like , who previously served in the Office of Management and Budget, , who served as Assistant Secretary for Infrastructure Protection at DHS, and , who served as Assistant Secretary for Cyber, Infrastructure, Risk, and Resilience Policy at DHS, one can expect a bolstering of existing OT cyber workforce programs and the development of new initiatives.
Since standing up the Cybersecurity and Infrastructure Security Agency (CISA) in 2018, Trump and many of his allies have become steadfast critics of the agency. Complaints stem from accusations that the organization its bounds by engaging in campaigns to prevent mis- and disinformation, which the next administration is likely to roll back. Potential cyber nominees, such as Harrell; , the former Director of International Cybersecurity Policy for the National Security Council (NSC); and , the former Principal Deputy Assistant Secretary for CESAR, suggested a narrowing of CISA鈥檚 scope in the next administration. Notably, Andersen the organization for growing too large too fast and becoming a dumping ground for any cyber-related problem, calling for a streamlining and reduction of responsibilities for the organization. While not without his own criticisms of the agency, Hayden previously about the need for proper funding for CISA to ensure that it can effectively carry out White House cyber mandates, remaining skeptical that CISA鈥檚 role would be completely negated. Across the various names currently in the running, there is a consensus that changes need to and will be made to CISA in the next administration.
While the next Trump administration is likely to reduce CISA鈥檚 responsibilities, another agency is positioned to gain additional roles. , Klipstein, and , previously a Senior Policy Director on the NSC, have all expressed that the Office of the National Cyber Director (ONCD) should play a leading role in harmonizing cyber measures across the federal government, relieving CISA of some of its current responsibilities. While in regards to workforce development, Evans has also ONCD鈥檚 prime position to coordinate efforts across agencies. These views suggest that ONCD may play a greater role in harmonizing and leading cyber policy under the incoming administration, reforming CISA鈥檚 mandate to focus its efforts on incident response, critical infrastructure, and supply chain security. Notably, lead Democrats previously support around granting ONCD a leading role in harmonization efforts, foreshadowing a potential bipartisan effort.
The first Trump administration authorized the National Security Presidential Memorandum (NSPM) 13, granting 鈥溾 authorities to the DoD to conduct time-sensitive military operations in cyberspace, in effect streamlining the approval process. This policy was later revised by the Biden administration, in part due to other agencies鈥 concerns that the operations could have wide-ranging impacts on human rights, diplomatic efforts, and private infrastructure. The revised policy granted limited approval power to the State Department. The next administration is likely to once again prioritize such streamlining efforts, which will only be bolstered by the appetite for a more offensive cyber posture from past and potentially returning Trump cyber experts, such as and Hayden. Speaking in an interview with , Hayden argued that current deterrence measures are ineffective because malicious actors do not believe they will face any consequences. He elaborates, saying that the US possesses the tools and expertise to take on strategic deterrence and must begin to leverage capabilities like the US Cyber Command.
Underlying this attitude is the increasing number of state-backed cyber attacks. President Trump returns to the White House during the 鈥,鈥 where People鈥檚 Republic of China (PRC)-linked group Salt Typhoon the President-elect鈥檚 own phone. As the government remains trying to fully remove Salt Typhoon from telecom networks, this will undoubtedly influence any cyber strategy coming out of the next administration.
Alongside conversations of increased offensive cyber operations under the next administration, discussion is also stirring around the possible creation of an independent Cyber Force. In his previous term, President Trump stood up the , the first new US military branch in 73 years. When paired with the likely emphasis on offensive cyber operations in the next administration, some argue that the Space Force establishes a , hinting that the President-elect may be more amenable to the creation of a Cyber Force. Those in favor of a Cyber Force this would allow for a more centralized management of US cyber capabilities, enabling more efficient responses as well as recruitment requirements tailored to the unique needs of cyber operations versus traditional military operations. Critics, however, argue it would only lead to further , reducing the military's effectiveness in the cyber domain. Trump himself has not spoken publicly about the matter.
As evidenced by the Space Force, the first Trump administration recognized the rising threats in space. The administration particularly recognized and prioritized the cyber-threat to space systems and the need to build resilience into current and future space systems, as outlined in the . This administration also revived the and pioneered , which outlined cybersecurity principles for space systems, and was the first policy document that called for encryption in space systems. Potential returning cyber expert Klipstein remains concerned about cybersecurity in space since his time in the White House, that 鈥渟pace is more the wild west than the internet is.鈥 In an interview with podcast , Klipstein specifically advocated for a NIST standard to support Space Policy Directive 5. It is also notable that, following his first administration, President-elect Trump developed a close relationship with SpaceX founder, Elon Musk, which may lend him some influence in space policy directions. Overall, with an already strong portfolio when it comes to securing cyberspace in space, one can expect that the second Trump administration will continue to prioritize securing space systems.
Potential nominees for top cyber positions in the next administration have recognized the security enhancing capabilities of AI. , , and former Deputy Assistant of State for Cyber and International Communications and Information Policy at the State Department have all spoken about the opportunities to strengthen cyber resilience utilizing AI. has gone as far as to say, 鈥淎I is the best tool defenders have to identify and prevent zero-day attacks and malware-free attacks because AI can defeat novel threats based on behavior cues rather than known signatures.鈥 Hayden has spoken multiple times about the various applications of AI in enhancing cybersecurity, speaking about the potential in and implementing zero-trust architecture, in , and in monitoring threats. One can expect that AI enabled and enhanced cybersecurity measures will continue to be integrated into government cyber security strategies.
Only time will reveal how cyber policy will unfold under the incoming administration. However, while this certainly not an exhaustive list, this analysis hopes to provide prospective priorities grounded in potential nominees past engagements and cyber priorities demonstrated by the last Trump administration.
The Science and Technology Innovation Program (STIP) serves as the bridge between technologists, policymakers, industry, and global stakeholders. Read more
