海角大神

President-elect Donald Trump has promised that protecting the country from cyberattacks will be a 鈥渕ajor priority鈥� for his administration, but three-quarters of Passcode鈥檚 pool of digital security and privacy experts say they do not believe cybersecurity will improve with the Republican in the Oval Office.

Passcode鈥檚 latest Influencers Poll, a regular survey of 160 current and former government and intelligence officials, and leaders from the private sector and advocacy community, revealed broad pessimism about country鈥檚 digital security over the next four years both because of Mr. Trump鈥檚 stated policies 鈥� and his own personal lack of tech knowledge.

鈥淚 voted no simply because the president elect himself has shown no interest in understanding the issue,鈥� says Michael Hayden, a retired Air Force general and the former director of the CIA and National Security听Agency.

Trump鈥檚听response听to a question about how he would improve the country鈥檚 cybersecurity at a presidential debate this fall 鈥� in which he brought up his 10-year-old son鈥檚 鈥渦nbelievable鈥� computer skills and referred to digital threats as 鈥渢he cyber鈥� 鈥� was largely panned by the security community as an indication he didn鈥檛 understand the complexity of digital threats facing the country. And many security experts were mystified by his refusal to blame Russia for the high-profile hacks on political organizations that took place during the campaign, a public break with the conclusions of the US intelligence community and prominent researchers who investigated the cyberattacks.听

While Mr. Hayden, now a principal at global advisory firm The Chertoff Group, says 鈥渢here may be some hope, however, that the government under him will continue to move albeit slowly in the right direction,鈥� other experts are wondering if Trump鈥檚 campaign trail comments make it less likely top tech talent will choose to work in his administration over (typically) higher-paying jobs in the private听sector.

鈥淪et aside the lack of understanding (10-year-old sons excluded) and turning a blind eye to Russian role in an attack on American institutions, the real damage may be on the people side,鈥� says Peter Singer, strategist and senior fellow at New America think tank. 鈥淚t is hard enough for government to recruit and retain talent, especially in a field like cybersecurity. It just got bigly听harder.鈥�

Several security and privacy experts voiced concerns with Trump鈥檚 strong stance against encryption. During the campaign, he went so far as to听call for a boycott听of Apple as it pledged to fight a court鈥檚 ruling to help the FBI unlock the iPhone used by the shooter in the San Bernardino terror attack. Those who believe that strong encryption is essential for protecting consumers鈥� data from cyberattacks are alarmed at the prospects of Trump鈥檚 administration trying to mandate companies build in ways for the US government to access secure communications.听

鈥淭o date, Trump鈥檚 stance on encryption, backdoors, and cybersecurity appears naive and contrary to our founding fathers鈥� vision and innovation,鈥� says Nico Sell, cofounder of encrypted messaging app Wickr. 鈥淓veryone in the global information security community is now watching to see who Trump surrounds himself with. Security is a global critical challenge; my hope is that he brings his views up to date once briefed by intelligence experts. The world needs a strong role model on this very important issue that impacts us听all.鈥�

Cindy Cohn, executive director of the Electronic Frontier Foundation, is also calling for Trump to listen to security experts on encryption policy. 鈥淲e desperately need leadership that recognizes that empowering users and companies to provide the strongest security and creating incentives for them to do so is the best way for us to actually be more secure,鈥� she says. 鈥淭hat means supporting strong encryption and helping companies fix security problems rather than keeping them open and hoping no bad guys find them. While Mr. Trump could remedy his lack of knowledge with some reasonable appointments, there鈥檚 no indication yet that he听will.鈥�

However, 25 percent of Influencers said they believed cybersecurity would improve under Trump. 鈥淵es, I think The Cyber will continue to enjoy more attention from both the executive and legislative branch under the new administration,鈥� said one Influencer who chose to remain anonymous. 鈥淐yber will be a priority issue for the Trump administration, and progress will continue, as it would had the election results been different,鈥� another Influencer added. 鈥淚t is a 鈥榤ust do,鈥� not a 鈥榥ice to do鈥� issue.鈥� Passcode allows Influencers to reply on the record or anonymously to preserve the candor of their responses.

The cybersecurity plan on Trump鈥檚 campaign website听offers some ideas about how he might improve cybersecurity, including commissioning an 鈥渋mmediate review鈥� of both the country鈥檚 defenses and security weaknesses, and creating task forces to respond to digital threats. Trump has also said he will seek recommendations on how to enhance the military鈥檚 Cyber Command with 鈥渁 focus on both offense and defense.鈥� He鈥檚 also already tapped retired Army lieutenant general Michael Flynn, a former director of the Defense Intelligence Agency, as his National Security听Adviser.

鈥淐ould this be a Nixon to China moment? I hope so. Trump鈥檚 more aggressive rhetoric on cybersecurity gives him an obvious opportunity to set norms of restraint on certain kinds of destabilizing behaviors,鈥� says Steve Weber, professor at the School of Information at the University of California - Berkeley. 鈥淎 鈥榥o first use鈥� pledge around something like critical infrastructure would mean a lot coming from this new administration.鈥�

Other Influencers were optimistic even if they didn鈥檛 think that the president-elect or his administration would be the ones to alleviate the cyberthreats. 鈥淚f there is some major national hack, Congress will act instead,鈥� one Influencer said.

And some privacy advocates said they thought Trump himself could be the reason people fortify their digital defenses 鈥� in opposition to his embrace of surveillance and government access to encrypted communications. 鈥淭rump鈥檚 pro-surveillance campaign statements,鈥� says Elana Zeide, a privacy expert at Princeton University鈥檚 Center for Information Technology Policy, 鈥済ive everyone more incentive to secure their communications.鈥�

This article was updated after publication to clarify Elana Zeide's comments.听

Jack Detsch contributed to this article.

What do you think?听VOTE in the readers' version听of the Passcode Influencers Poll.

Who are the Passcode Influencers? For a full list, check out our听interactive masthead here.

Comments:

NO

鈥淲ith change in administrations there is opportunity, but in the near term they will be learning how to govern. While cybersecurity played out as a backdrop to the election it was not focal to Trump鈥檚 campaign. Immigration, trade, infrastructure, and Obamacare reform will suck all the oxygen out of the room and leave little room for the (civilian) security community to make gains.鈥澨�- Jeff Moss, founder of Black Hat and DEF CON

鈥淒ata security and security of IoT is a major concern for consumers. My biggest concern is the next administration mandating broad exceptional access mandates which would undermine the security of IoT.鈥澨�- Terrell McSweeny, Federal Trade Commissioner 听

鈥淭he current mix of incentives and disincentives in the US is not driving improvements and the Trump stated goals for information sharing are unlikely to improve the situation. Hopefully his focus on more efficient and effective government causes reform of acquisition and procurement, which would have a net positive effect within government.鈥澨�- Influencer听

鈥淭he answer of course depends on who the advisors to the president are and on the final policy decisions that are made and enacted, but initial indications are not favorable overall with respect to cybersecurity policy. Based on his prior comments (essentially anti-Apple/anti-encryption), the president-elect is likely to favor less security in exchange for more government access, which would weaken our security overall. Further, with a closely divided Senate, the current glacial rate of policy developments on cybersecurity will not likely accelerate, placing us further 鈥榖ehind the curve鈥� relative to worldwide developments and needs in cyberspace over time. One outstanding issue that could improve under the Trump administration is the Wassenaar Agreement, more specifically its language on 鈥榠ntrusion software鈥� to which cybersecurity technology firms and legitimate cybersecurity are strongly opposed. As this ongoing debate will run into the next presidential term, the Trump Administration has an opportunity (and presumably an interest) in 鈥榬ebooting鈥� the conversation, hopefully aiding in bringing it to a more acceptable conclusion. With proper industry expertise being applied to the renegotiation of this problematic contract, cybersecurity companies can confidently take a more active role in stopping cybercrime and cyberespionage without running the risk of prosecution or other negative impacts to their business or freedom.鈥澨�- Influencer

鈥淢y assessment is based on the initial challenges I believe the Trump administration will face in retaining and attracting the best technical talent and the most strategic policy and law thinkers. I believe we will continue to maintain a robust cybersecurity technical and tactical capacity, but I worry that episodic interference from President Trump鈥檚 senior political advisors, or unconventional geopolitical decisions by President Trump himself, may complicate a coherent approach. This challenge may, ironically, lead to more public discussion, debate, white papers, recommendations, etc. from the establishment cyber-warrior class and perhaps have more influence of time on the global cybersecurity strategy of a Trump administration over time.鈥澨�- Influencer

鈥淣othing suggests Trump - or anyone on his staff - understands even the basics of why we need to improve the nation鈥檚 defenses.听- Chris Finan, CEO of Manifold Security

鈥淚t is too early to tell, and not enough is known about their concrete policy objectives to speak with authority on whether they will take actions that improve or weaken cybersecurity. I am open to working to educate the administration about the Internet, and others should be as well.鈥澨�- 海角大神 Dawson, executive director and cofounder of the Internet Infrastructure Coalition (i2Coalition)

鈥淸What鈥檚 on Trump鈥檚 website] is extremely vague and contains no meaningful indication that Trump would improve the current state of cybersecurity.听- Yan Zhu, engineer at Brave

鈥淭rump has advocated an 鈥楢merica first鈥� foreign policy, but this type of isolationism will not work for cybersecurity. Improving cybersecurity will require US leadership and global partnerships as this is not a problem that the US can solve on its own.鈥澨�- Influencer

鈥淥ur most capable adversaries will exploit the gaps created by a change in leaders and capabilities. State sponsored activity is frequent, and taking fewer steps to disguise the activity.鈥澨�- Jenny Durkan, global chair of the Cyber Law and Privacy Group at Quinn Emanuel law firm

鈥淥ne tries to be hopeful. In reality there鈥檚 no way to predict.鈥澨�- Influencer

鈥淭rump will not regulate the IoT makers or the software makers for fear of hurting their growth and jobs. Cybersecurity under Trump will be more of the same current reactive 鈥榗yber smoke alarm and cyber fire station鈥� approach which has proven in the physical world not to prevent cities from burning down. It鈥檚 not until we have the fortitude to mandate the equivalent of brick firewalls between buildings and sprinkler systems will things change. Expect to see plenty of offense from our cyber glass house.鈥澨�- Chris Wysopal, cofounder at Veracode

鈥淚 haven鈥檛 seen any urgency on this matter during his campaign, nor do I think his base is particularly concerned with matters of cybersecurity.鈥澨�- Jeffrey Carr, president and CEO of Taia Global, Inc.

鈥淯S cybersecurity will continue to grow in relevance and attention regardless of who the president is, and companies will have to dedicate more resources and time to making good and secure decisions about how to protect data. Now, whether US *government* cybersecurity will improve - for that we鈥檒l have to wait until a cybersecurity chief is named to begin to guess.鈥澨�- Influencer

鈥淭rump and his advisors have demonstrated no understanding of cybersecurity, nor any comprehension of its importance. Moreover, the recent purge of any qualified cybersecurity experts such as Mike Rogers from his team - in favor of hacks from Breitbart and Jeff Sessions鈥� office - makes clear that they are more interested in absolute power than any constructive accomplishments.鈥澨�- Influencer

鈥淭rump lacks the discipline and vision to implement a coherent and effective approach to cybersecurity.鈥澨�- Tor Ekeland, managing partner of Tor Ekeland, P.C. law firm

鈥淢y biggest fear is Trump鈥檚 implied support for extension of law enforcement powers to include forcing vendors to break their end-to-end security in order to accommodate search warrants. The FBI鈥檚 analogy is a bank鈥檚 safety deposit box; I believe data to be fundamentally different though, and without precedent. A lot of damage can be done between now and when a relevant Supreme Court decision on this is made.鈥澨�- Nick Selby, cofounder and chief executive officer of StreetCred Software

鈥淚t is *WAY* too soon to say cybersecurity will get better or worse under a Trump Presidency, or whether the Presidency will have any influence on the state of cybersecurity. We have zero track record on what his administration will or will not champion and what his administration will or will not mandate.鈥澨�- Influencer听

鈥淭here are not enough 400 pound hackers.鈥澨�- Influencer

鈥淯S cybersecurity will improve during the Trump administration. But any improvements will have more to do with overcoming an era of cyber inertia than with anything stemming from a Trump presidency.鈥澨�- Influencer

鈥淐ybersecurity defenses are always getting better and the next four years will not be an exception (in large part because most improvements in cybersecurity arise from the private sector with its own motives). 听Unfortunately, cybersecurity offenses are always getting better too. 听Finally attack surfaces are growing, as an increasing number of Internet of Things stories reminds us. 听So, a broad answer has to balance three very different trends. Then there鈥檚 the question: improved relative to what? 听Will science advance in a Trump administration? 听Undoubtedly, because science never goes backwards and that would be true if science funding were cut to zero. But, with cybersecurity as with science, the question is one of comparison. If cybersecurity would have advanced more in a hypothetical Clinton administration than in a Trump administration is the answer to your question still 鈥榶es鈥�? 听And of course, we have no clue who Trump is going to appoint 鈥� and, otherwise, I really cannot tell what Trump鈥檚 cybersecurity policies are going to be.鈥澨�- Martin Libicki, senior management scientist at RAND

YES

鈥淔resh eyes.鈥澨�- Mark Weatherford, principal at The Chertoff Group

鈥淲hile Trump in his campaign program gave little or no indication of a concrete plan to improve cybersecurity in the US, the reality is so dire that improvements in cybersecurity will be a must.鈥澨�- Influencer

鈥淵es, contingent on him walking the talk regarding regulation accelerating the protection of the .gov morass. He needs to support the transformation at NSA and rethink the role of government.鈥澨�- Influencer听
听

鈥淚 really don鈥檛 see how he can make it worse so any changes at all will likely be improvements no matter how small. Obama couldn鈥檛 get stuff through Congress and so had to make his changes through executive proclamation. Barring some major national hack I don鈥檛 see Trump doing that. If there is some major national hack, Congress will act instead. So really I don鈥檛 see much improvement under Trump other than incremental changes. Anything like CFAA reform or changes to DMCA are pretty much off the table now I am sure. We may see a new 鈥榗yber鈥� bill get passed but it will be about as effective as CISA, in other words sound real good and have 鈥榗yber鈥� in the title but not really make a whole hell of a lot of difference.鈥澨�- Influencer

鈥淧resident-elect Trump has been more specific about the need to improve cybersecurity than about most defense issues. At a minimum, he鈥檚 likely to continue initiatives from the Obama administration to strengthen cybersecurity.鈥澨�- Influencer

鈥淧revious presidents have so far been unsuccessful in constructing cohesive and well informed cybersecurity policies or installing multi-disciplinary leadership. As the International cyber threats have increased in sophistication and scope, we鈥檙e rapidly approaching an inflection point where if something isn鈥檛 done, it will be done to us via external entities. Just as hacking, cybersecurity, and email breaches have been core to the election process, they will continue to grow and affect Trump鈥檚 new government. Hence, in Trumps presidency, the US government and agencies are having their hands forced in to dealing with this invasive hacking epidemic.听- G眉nter Ollmann is chief security officer at Vectra

鈥淚n October, the US Chamber wrote an听open letter听to the听45th president听to recommend that the incoming administration prioritize three cybersecurity issues: First, we need to build on the momentum behind the joint industry-National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity, which business leaders and policymakers see as a key pillar for managing cyber risks at home and internationally. Closely linked, we urge the incoming Trump administration to harmonize existing regulations with the cyber framework. Cutting cyber red tape will serve the cause of bolstering security. Second, the Trump team starts in a strong position with the enactment of the Cybersecurity Information Sharing Act (CISA). By working as an ally with industry, the next administration can lead a culture shift to bring businesses off the sidelines to engage in effective threat information-sharing. Third, Washington鈥檚 policies ought to encourage greater adherence to international norms of acceptable behavior and deterrence in cyberspace. The pros and cons of cyber deterrence deserve more careful scrutiny than they have received to date.鈥� -听Matthew Eggers, executive director for cybersecurity policy in the National Security and Emergency Preparedness Department at the US Chamber of Commerce

鈥淭he reason for 鈥榊es鈥� is that, in cybersecurity, offense has permanent structural advantage. 听AI applied to offense will result in Mexican standoff, which will be called 鈥榩eace.鈥櫶�- Dan Geer chief information security officer for In-Q-Tel

鈥淚t is not possible at this point to predict this. Trump changes his mind all the time and the direction is most likely to be determined by top advisors who as yet remain unnamed.鈥澨�- Influencer听

What do you think?听VOTE in the readers鈥� version听of the Passcode Influencers Poll.