5 Cybersecurity Priorities for The Trump Administration
Source: COGNITIVE WORLD on FORBES
President Donald Trump’s administration will assume a cybersecurity portfolio that has continued to evolve toward combating digital threats since the Cybersecurity and Infrastructure Protection Agency (CISA) was created 6 years ago out of the Department of Homeland Security (DHS). CISA’s mission is a formidable one. The list of hostile threat players in cyberspace is quite extensive. Nation-states, organized criminals, terrorists, and hacktivists are all included.
Cybersecurity is an ongoing process that continually morphs and needs investments in technology and people to be resilient. Unfortunately, government and industry are already at an asymmetrical disadvantage. Threat actors, particularly state-sponsored and criminal enterprises, are taking advantage of the growing cyberattack surface and utilizing their resources to employ increasingly complex methods for identifying target vulnerabilities, automating their phishing attacks, and identifying new and deceptive ways to infiltrate malware.
In a digital world, CISA’s importance continues to grow. While we wait for appointments to the incoming administration’s cybersecurity team to be filled, it is important to consider the agenda and issues that will be the focus of the continued quest to help secure vulnerable networks, systems, and devices. Kudos to Jen Easterly and her team for her CISA leadership during the last several years. She did a great job of promoting and implementing key programs that can continue to evolve under the new Administration. Cybersecurity is one of the few areas of government that has strong bipartisan support and cooperation. That esprit de corps, which was evident in cybersecurity for CISA during President Trump’s first term, will continue during the second.
From my outside-looking-in perspective, 5 areas will receive priority attention with CISA under the new Administration as we begin 2025. They include: 1) Protecting U.S. critical infrastructure, 2) Prioritizing Interagency Government Cooperation and Public-Private Cooperation, 3) Building on Government Cyber Risk Management Strategies, 4) Addressing The Emerging Technology Landscape, and 5) Ensuring The Cybersecurity of Space Systems.
1) Protecting U.S. critical infrastructure
CISA describes critical infrastructure as “the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.” CISA’s stated role is to coordinate “security and resilience efforts using trusted partnerships across the private and public sectors, and deliver training, technical assistance, and assessments to federal stakeholders as well as to infrastructure owners and operators nationwide.”
CISA has identified 16 infrastructures that are deemed critical because their physical and digital assets, systems, and networks are considered vital to national economic security, safety, and public health. Those infrastructures include financial systems, chemical plants, water and electric utilities, hospitals, communication networks, commercial and critical manufacturing, pipelines, shipping, dams, bridges, highways, and buildings.
How much critical infrastructure is being targeted? According to a report from cybersecurity firm KnowBe4, “Between January 2023 and January 2024, critical infrastructure across the world sustained over 420 million attacks, equivalent to 13 attacks per second, further illustrating the escalating threat landscape.” (Source: “Cyberattacks on critical infrastructure surge by 30% in 2024, KnowBe4 report reveals.”)
The surge in cyber attacks will continue. The new reality is that most critical infrastructures operate in a digital environment that is internet accessible. The integration of hardware and software, combined with growing numbers of networked sensors, is redefining the attack surface available to hackers across all digital infrastructures. Protecting critical infrastructure Industrial Control Systems, Operational Technology (OT), and IT systems from cybersecurity threats is a constant challenge. They all have unique operational frameworks, access points, and a variety of legacy systems and emerging technologies. Cybersecurity relies on the same security elements for protection as physical security: layered vigilance, readiness, and resilience. In all cases of critical infrastructure protection, the requirements of situational awareness and the ability to safely access, alert, and message principals and communities are paramount.
The Trump Administration will continue to put a high premium on protecting infrastructures critical to the vitality of our economy and security. Cybersecurity is mostly a nonpartisan endeavor in government, and both parties are aware of the risks and repercussions of breaches. Incoming Department of Homeland Security Secretary, Gov. Kristi Noem, recognizes that paradigm and stated the following in a message to her constituents: “Ransomware. Cyber bullying. Phishing. Hacking. Data leakage. You don’t need to be an expert in cybersecurity to know that as technology advances, so do the risks to our businesses, our personal identities and finances, and our children. … 95% of cybersecurity breaches are caused by human error, and the average cost of a data breach is over $4 million. Damage related to cybercrime is projected to hit $10.5 trillion annually by 2025.” (Source: South Dakota Governor)
2) Prioritizing Interagency Government Cooperation and Public-Private Cooperation
Cybersecurity is increasingly a national security mission, and the Trump administration will focus on that dictum. The cybersecurity matrix involves many government agencies and cooperation from the private sector. As the primary civilian government agency collaborating with corporate, state, local, and tribal stakeholders on cybersecurity threats, CISA has formally assumed a more significant role in recent years. Most importantly, last year CISA, led by Jen Easterly, established the Joint Cyber Defense Collaborative (JCDC) to radically change the ways cyber risk is mitigated through ongoing operational cooperation between reputable corporate partners and the government. The Joint Cyber Defense Collaborative, or JCDC, was founded by CISA to bring together cyber defenders from industry and government for planning and response. The expressed purpose of the JCDC is to design whole-of-nation cyber defense plans to address risks, support joint exercises to improve cyber defense operations, and implement coordinated defensive cyber operations. Other government organizations, such as the FBI, NSA, and U.S. Cyber Command, assist the JCDC with threat information and in collaboration with industry.
Sharing information on threats and risks is one of the principal functions of government and industry collaboration. Sharing such information helps both government and industry keep abreast of the latest viruses, malware, phishing threats, ransomware, and insider threats. Information sharing also establishes working protocols for lessons learned and resilience, which are critical for the success of commerce and enforcement against cyber-crimes.
Public Private Partnerships (PPP) are integral to CISA’s role. PPPs positively impact both government and industry. Collaboration between government and industry stakeholders is a proven model that makes good sense. Together, the government and the private sector can share information on threats, identify products, align flexible product paths, evaluate technology gaps, and help design scalable architectures that will lead to more efficiencies and fiscal accountability. Bridging R&D spending between the government and private sectors should also allow for a more directed and capable cybersecurity prototype pipeline to meet modern technology requirements.
Moreover, such cooperation will continue to expand with allies globally in meeting threats. The United States has made a concerted effort to establish allied cybersecurity alliances that include information sharing and technological development in recent years. Some of these bilateral efforts include creating advanced working partnerships with the UK, Israel, India, Japan, Canada, Germany, Estonia, and others.
Congress has supported CISA’s expanded role and involvement with industry. Several bipartisan bills have bolstered the agency’s integral role in cyber preparedness, response, and resilience for both government and industry. Building trust through cooperation is a natural curve. These relationships create a vehicle for collaboration that can help reduce costs, build expertise and innovation, and provide business continuity and resilience. With significant industry expertise and capabilities surrounding the Trump team, intra-government and public-private collaboration will be on the agenda.
3) Building on Government Cyber Risk Management Strategies
The practice of cybersecurity is fundamentally about risk management. Gap analysis, vulnerability assessment, threat mitigation, employee education, best practices, and having up-to-date resilience plans to react to incidents are all part of this risk approach. Zero Trust, Defense in Depth, and Security by Design are three important risk management themes that CISA and other security-related government organizations have backed in their attempts to combat cyber threats.
The cybersecurity paradigm known as "Zero Trust" (ZT) shifts defenses away from static, network-based perimeters and toward a focus on users, assets, and resources. A zero-trust architecture (ZTA) applies zero-trust concepts to the planning of workflows and of industrial and enterprise infrastructure. Zero trust presupposes that no implicit confidence is given to assets or user accounts based only on their physical or network location (local area networks versus the internet) or on their ownership (personal or enterprise). Before a session with an enterprise resource is established, separate processes of authentication and authorization (of both subject and device) are carried out. Zero Trust has been adopted throughout government, largely as a response to knowing what may lie in networks after the SolarWinds breach and to enable stronger access management of sensitive data.
Within the security community, Defense in Depth has several well-defined concepts and has been a cornerstone for legacy systems. According to a NIST publication, the Defense-in-depth idea is "an important security architecture principle that has significant application to cloud services, storehouses of sensitive data, industrial control systems (ICS), and many other areas." We argue that a defense-in-depth posture that is both "narrow," meaning that there are fewer node-independent attack pathways, and "deep," meaning that it has several layers of protection.
"Security-by-Design" refers to the construction of technological products that provide a reasonable level of protection against malevolent cyber actors successfully accessing devices, data, and connected infrastructure. It necessitates building agile systems with operational cyber-fusion to be able to monitor, recognize, and respond to emerging threats. CISA recently created an initiative to get companies involved with enterprise software products and services, including on-premises software, cloud services, and software as a service (SaaS) to pledge to adhere to security by design. There have been hundreds of companies that have signed up.
To mitigate security risk, it is essential to have a strong cyber risk management approach and a working, adaptable framework. An effective risk management approach necessitates information sharing that helps government and industry keep abreast of the latest viruses, malware, phishing threats, ransomware, insider threats, and denial of service attacks. Information sharing also establishes working protocols for lessons learned and resilience, which are critical for the success of mitigating incidents.
Cybersecurity has been significantly strengthened by the combination of Zero Trust, Defense in Depth, and Security by Design risk approaches. Security by design monitors, manages, and maintains the security process. Defense in depth enables layers of redundant protective security measures to help deter data breaches. And Zero Trust focuses on protecting resources (assets, services, workflows, network accounts) through strict identity & access management enforced by authentication and proper authorization. These frameworks are already operational and proven, and it is logical to assume that the Trump administration will continue to build upon them.
Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and subject matter expert in Cybersecurity and Emerging Technologies. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named as “Cybersecurity Person of the Year” by Cyber Express, as one of the world’s “10 Best Cyber Security and Technology Experts” by Best Rated, as a “Top 50 Global Influencer in Risk, Compliance,” by Thomson Reuters, “Best of The World in Security” by CISO Platform, and by IFSEC and by Thinkers 360 as the “#2 Global Cybersecurity Influencer.” He was featured in the 2020 and 2021 Onalytica "Who's Who in Cybersecurity" – as one of the top Influencers for cybersecurity issues and in Risk management. He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic. He is also a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, Expert for Executive Mosaic/GovCon, and a Contributor to FORBES.
In government, Chuck has received two senior Presidential appointments. Under President George W. Bush, Chuck was appointed to The Department of Homeland Security (DHS) as the first Legislative Director of The Science & Technology Directorate at the Department of Homeland Security. He also was appointed as Special Assistant to the Director of Voice of America under President Reagan. He served as a top Advisor to the late Senator Arlen Specter on Capitol Hill covering security and technology issues. Currently Chuck is serving DHS CISA on a working group exploring space and satellite cybersecurity.
In industry, Chuck has served in senior executive roles for General Dynamics as the Principal Market Growth Strategist for Cyber Systems, at Xerox as Vice President & Client Executive for Homeland Security, for Rapiscan as Vice President of R & D, for SRA as Vice President of Government Relations, and for Sutherland as Vice President of Marketing and Government Relations. He currently sits on several corporate and not-for-profit Boards in advisory roles.
In academia, Chuck is Adjunct Faculty at Georgetown University’s Graduate Applied Intelligence Program and the Graduate Cybersecurity Programs where he teaches courses on risk management, homeland security, and cybersecurity. He designed and taught a popular course called “Disruptive Technologies and Organizational Management.” He was an Adjunct Faculty Member at Johns Hopkins University where he taught a graduate course on homeland security for two years. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.
In the media, Chuck has been a featured speaker at dozens of conferences, events, podcasts, and webinars and has published more than 250 articles and blogs on cybersecurity, homeland security and technology issues. Recently, Chuck briefed the G-20 Energy Conference on operating systems cybersecurity. He has also presented on the need for global cooperation in cybersecurity to the Holy See and the US Embassy to the Holy See in Rome. His writings have appeared on AT&T, IBM, Intel, Microsoft, General Dynamics, Xerox, Juniper Networks, NetScout, Human, Beyond Trust, Cylance, Ivanti, Checkpoint, and many other blogs. He has 104,000 plus followers on LinkedIn and runs a dozen LI groups, including the two largest in homeland security. He has his own newsletter, Security & Tech Trends, which has 48,000 subscribers. He also has a wide following on Twitter (19,000 plus followers), and Facebook (5,000 friends).
Some of Chuck’s other activities include being a Subject Matter Expert to The Homeland Defense and Security Information Analysis Center (HDIAC), a Department of Defense (DoD) sponsored organization through the Defense Technical Information Center (DTIC), a featured presenter at USTRANSCOM on cybersecurity threats to transportation, and a featured presenter to the FBI and the National Academy of Sciences on Life Sciences Cybersecurity. He also served on a working group with the National Academy of Sciences on digital transformation for the United States Air Force. He is an Advisory Board Member for the Quantum Security Alliance. Follow Chuck on social media: LinkedIn: https://www.linkedin.com/in/chuckbrooks/ and Twitter: @ChuckDBrooks