By Tim Greene
Dec. 12, 2016
Donald Trump’s effect on cybersecurity after he’s sworn in as president next month will likely be toward military uses of cyber weapons and stronger tools for law enforcement to crack encryption, but the impact is hard to predict due to the vagueness of his proposals so far.
The most detailed Trump cyber plan is just 175 words long and includes some initiatives that sound like what’s already in place.
On the campaign trail and during debates he occasionally hit the topic, but again with little detail and perhaps little understanding of how the internet works. For example, he called for Microsoft founder Bill Gates to find a way to shut off parts of the internet to ISIS as a way to halt its recruitment efforts.
Overall, he is dissatisfied with the status quo, saying to the New York Times that the U.S. is “obsolete in cyber … I don’t think we’re as advanced as other countries are… we move forward with cyber, but other countries are moving forward at a much more rapid pace.”
Here is what’s known about Trump’s thoughts on some aspects of cyber security:
Trump famously urged a boycott of Apple products when it refused to help the FBI crack into the encrypted cell phone used by terrorists who murdered 14 people and wounded 22 others in San Bernardino, Calif., last year. This seems to indicate he favors access to devices for criminal investigations over allowing unbreakable systems.
If that becomes policy, it will cause a host of challenges for government, industry and consumers. For example, the Department of Health and Human Services requires securing medical records with encryption. Weakening encryption weakens privacy of those records.
Corporations rely on encryption to protect proprietary technology. Security vendors required to weaken encryption would be at a disadvantage against competitors who make products in countries without such restrictions. Consumers use it to protect online transactions.
Trump doesn’t have authority to impose such a policy on his own, and Congress has been divided. No legislation on the issue has been filed despite a drumbeat for it from FBI Director James Comey.
Cyber retaliation for cyberattacks
This may or may not be a change from current U.S. policy.
After the U.S. accused Russia of trying to influence the U.S. presidential election with hacked documents earlier this year, Vice President Joe Biden said the U.S. would retaliate either with sanctions or with a covert retaliatory cyberattack. Since it would be covert, it’s hard to know whether the threat was carried out.
The consequences of this type of more or less open cyber skirmishes are unknown, but if they escalate they could be devastating to economies and critical infrastructure.