Cybersecurity under the Trump Administration Authors: George Little, Mark Seifert and Siobhan GormanNovember 2016

Brunswick Intelligence

Cybersecurity under the Trump Administration

Overview

President-elect Donald Trump has not laid out a comprehensive plan to address cybersecurity challenges. We anticipate that his views will take shape as he begins receiving intelligence briefings that provide details of the cyber threats facing the country. If Trump follows the Republican platform, he will be inclined to step up offensive cyberattacks in response to state-sponsored hacking of U.S. entities. His position on whether the government should be able to access encrypted communications is unclear. When it comes to bolstering the cybersecurity of U.S. businesses, he is expected to support private-sector solutions over regulation. In terms of the U.S. government, he has called for a top to bottom review of its cybersecurity defenses.

How to respond to the election-related hacks that U.S. intelligence agencies have attributed to Russia will be an early cybersecurity challenge for the Trump administration. The Obama administration has stated publicly that it will retaliate against Russia for the hacking. Early signs indicate Trump will continue this approach more broadly and consider a more offensive position to state-sponsored hacking. A related decision Trump will face is whether and when the U.S. government

should retaliate against state-sponsored hacking when the target is a U.S. company or other non-governmental entity.

From a reputational standpoint, the nascent state of a cybersecurity policy framework from the Trump administration allows companies to offer perspectives as they relate to issues of interest to business. Given that Republicans control both houses of Congress and the White House, the opportunity for action is strong. Given the traditional aversion to regulations for the private sector, expect Congressional action to focus on oversight of implementation of the Cyber Security Act of 2015, including business and government information sharing programs, and sharing threat information between the U.S. and other countries. This Congress will be looking for ways to spur industry-government partnerships that will elevate cyber preparedness and response. In recent history, agencies such as the Securities and Exchange Commission have been prone to more regulatory action, but it remains unclear whether this will continue under the next administration given the value of limited regulation to the market. In addition to oversight of key cyber issues such as nation state attacks and threats against critical infrastructure, the administration will likely look to the private sector for guidance.

Key Takeaways � Hacking by foreign actors, encryption, and cyberattacks targeting critical infrastructure are likely to be the main cyber issues confronting the Trump administration.

� Private-sector solutions to cybersecurity issues will be favored over federal regulation, providing companies with an opportunity to speak out on issues of interest to business.

� Prominent policy influencers in the new administration will include Sen. Jeff Sessions (R-AL) as Attorney General, Rep. Mike Pompeo (R-KS) as Director of the CIA, retired Lt. Gen. Mike Flynn as National Security Adviser, and K.T. McFarland as Deputy National Security Adviser as well as Silicon Valley billionaire Peter Thiel.

� Companies with a strong policy position on cybersecurity should reach out to the administration and related influencers early-on to ensure their involvement in policy development.

2

Companies seeking a particular policy outcome in the new administration have the opportunity to champion policies in a space that has yet to solidify. Given the spotlight on cyber issues during the campaign, companies with proposals that address cyber-related concerns can strike early to influence the debate. Otherwise, companies without a considered policy position on cyber-related issues would do well to monitor the conversation as the politics and policies develop over the next six months.

Cyber Proposals from the Campaign

Throughout the campaign, Donald Trump provided limited concrete cyber policy proposals other than promises to make cybersecurity a “top priority” and order a “thorough review of cyber defenses and weaknesses.”

� Cyber Threats: At an October event in Virginia, Trump called cyberattacks from “China, Russia, and North Korea… one

of our most critical national security concerns” and called for enhanced counterattack capabilities to respond to state and non-state actors.

� Encryption: Although encryption is not explicitly included in his official platform, Trump called for a boycott of Apple in February 2016 for not helping the FBI access its encrypted devices.

� Internal Review: Trump’s official cyber platform calls for “an immediate review of all U.S. cyber defenses and vulnerabilities, including critical infrastructure” by a Cyber Review Team.

3

Policy Influencers

The members of Trump’s transition team largely agree on the need for greater retaliation against state-sponsored hackers, cyber protections for critical infrastructure, and backdoors for federal access to encrypted devices. An increased reliance on private sector cyber solutions is also supported by several members of the transition team. Although much remains unclear at this time, the following individuals and organizations will be important sources for the administration as it moves forward.

Influential Individuals

Sen. Jeff Sessions (R-AL) has been a member of the Senate Armed Services Committee and will be nominated as the next Attorney General.

� Cyber Threats: Sen. Sessions has criticized the Obama administration for not adequately addressing cyber threats and not creating a comprehensive “cyber

doctrine.” Overall, however, Sen. Sessions has not been very vocal on cybersecurity issues.

A former director of the Defense Intelligence Agency, retired Lt. Gen. Mike Flynn is also a vice-chairman of the Trump transition team and the incoming White House National Security Adviser.

� Cyber Threats: Lt. Gen. Flynn has been quite vocal about the “growing” cyber threat of non-state actors and has called for retaliatory action against state-sponsored hacking.

A former aide during three Republican presidencies, national security analyst K.T. McFarland is the incoming Deputy National Security Adviser.

� Cyber Threats: McFarland has suggested that the U.S. is currently in a “cyber war” with Russia and has called for a stronger offensive stance to address state-sponsored hacking.

Representative Mike Pompeo (R-KS) is a member of the House Permanent Select Committee on Intelligence and will be nominated as the Director of the CIA.

� Encryption: As a member of the Select Committee on Intelligence, Rep. Pompeo supported increased data collection for surveillance purposes and backdoor access to encrypted devices.

James Carafano is the vice president for foreign and defense policy at The Heritage Foundation and has been assigned to oversee the foreign policy transition.

� Encryption: In March 2016, Carafano co-authored a paper on the Apple encryption debate that supported the creation of a committee to study encryption and recommended that the committee examine the needs of the country in terms of defense and intelligence as well as personal liberty.

� Regulations: In additional papers over the past year, Carafano has asked the U.S. government to abandon “heavy-handed” regulations in favor of public-private information sharing on cyber threats.

Peter Thiel is one of the few Silicon Valley billionaires to publicly support Trump and will be one of the most influential voices on

4

behalf of the tech sector. Thiel is a co-founder of PayPal and software company Palantir as well as one of Facebook’s first professional investors.

� Encryption: Confinity Inc., a company co-founded by Thiel as an early version of PayPal, gave users the tools to encrypt data on their devices. Thiel has not been publicly vocal about this issue but is well-versed on the private sector’s views regarding encryption.

Influential Think Tanks

� On November 1, 2016, The Heritage Foundation published “Blueprint for a New Administration: Priorities for the President” suggesting that the incoming president improve government cybersecurity practices and establish a National Cyber Center to conduct cyber analysis at a national level.

� On June 14, 2016, the American Enterprise Institute published “An American Strategy for Cyberspace: Advancing Freedom, Security, and Prosperity” outlining the foundation’s views on cybersecurity. In this report, AEI called for global cooperation to address cybercrime and increased efforts to defend

critical U.S. infrastructure from cyberattacks.

� The CATO Institute’s most prominent voice on cybersecurity, Senior Fellow Julian Sanchez, has criticized Trump for his lack of clarity on cybersecurity issues.

� Over the past year, the Hoover Institution’s cybersecurity division has focused on issues of encryption and malicious hackers but has also called for greater regulation of foreign intelligence surveillance.

� The Hudson Institute has occasionally discussed the need for cooperation between Washington and the private sector in the encryption debate.

George Little Partner, The Brunswick Group (202) 393-7337 glittle@brunswickgroup.com

Mark Seifert Partner, The Brunswick Group (202) 393-7337 mseifert@brunswickgroup.com

Siobhan Gorman Director, The Brunswick Group (202) 393-7337 sgorman@brunswickgroup.com

In Conclusion

As the Trump administration has provided a limited framework on cybersecurity issues, opportunities still exist for companies to involve themselves in the formation of this agenda. Major cyber issues addressed by the administration will include responses to state-sponsored hacking as well as encryption and protections for critical infrastructure. Companies looking to influence the cyber policy debate should reach out to the administration and influential parties early to participate in this rapidly changing conversation. We welcome the opportunity to discuss this evolving political landscape, and we will provide updates as policies develop under the new administration.

Sincerely,

5

Contact Brunswick

Washington, DC1099 New York Avenue, NW Suite 300 Washington, DC 20001 USA

Tel: +1 202 393 7337 Email: washingtonoffice@brunswickgroup.com

www.BrunswickGroup.com

Brunswick Group

Brunswick is an advisory firm specializing in critical issues and corporate relations: a global partnership with 23 offices in 14 countries. Founded in 1987, Brunswick has grown organically, operating as a single profit center – allowing us to respond seamlessly to our clients’ needs, wherever they are in the world.

6