If cyber hasn't exactly languished under the Trump administration, it hasn't quite blossomed either.
To be sure, Trump presided over some big changes — most notably, the 2018 creation of the Cybersecurity and Infrastructure Security Agency (CISA). CISA has proven to be a real leader, establishing itself as America's top advisory agency, playing a big role in boosting state, local, tribal, and territorial (SLTT) election security, while also providing a variety of services to the private sector.
Trump also proved amenable to cyber-related legislation, signing a bevy of federal policies over the past four years, including bills to crack down on hackers, to strengthen the federal cyberworkforce, protect critical infrastructure and federal networks, and to establish security principles for space systems.
While it's undeniable that the outgoing president left a mark in the space, he has also made some decisions that called into question his commitment to a robust cybersecurity agenda, and — like other areas of his presidency — seemed to lack an identifiable strategy.
In particular, Trump eliminated some critical positions, like the national cybersecurity coordinator role, that would've arguably helped keep America's cyberstrategy front and center.
At the same time, despite repeated attempts by congressional homeland security committees to unleash the federal purse strings for state, local and territorial cybersecurity needs, new financial help has so far failed to materialize.
Then there was the unfortunate sacking of CISA Director Chris Krebs after he spoke out about a lack of evidence to support the president's claims of widespread election interference. That decision was bipartisanly condemned by the homeland security community.
Under Biden, some expect federal cybersecurity to take a much more prominent, strategic position, as he pushes the federal government to build off of work done in the Trump years, while also bringing on board some cyberprofessionals who played prominent roles during the Obama years.
“It’s a sea change in terms of having folks at this level of experience,” Chris Painter, an Obama era cyber official, told The Washington Post. “They don’t need to be spoon-fed or brought up to speed. Cybersecurity will be a key foreign policy issue with this group.”
Biden's pick of Alejandro Mayorkas to lead DHS has been considered a promising sign for cybersecurity. Mayorkas, who was the deputy DHS secretary during the Obama years, presided over a number of large international cybersecurity agreements that helped to still cyberhostilities between nations. In this way, the Biden administration may seek to use diplomacy to force foreign nations to deal with hackers internally, as a means of mitigating the ongoing attacks aimed at the U.S.
That said, Biden is also expected to take a somewhat more hardline approach to China, a fact that will surely have big implications for cybersecurity, both at home and abroad.
Biden has also selected Avril Haines as his pick for director of national intelligence, who — in addition to being the first woman ever nominated to the role — comes to the job with significant cybersecurity experience. Haines, who served as CIA deputy director between 2013 and 2015, worked at the agency during a time when cyberoperations were becoming much more integrated into its overall mission.
The picks, when taken together, certainly show a priority given to national security officials with healthy backgrounds in cybersecurity, while also suggesting a willingness to use U.S. cybercapabilities as both a shield and a cudgel.
Dan Stroman, with cloud services provider CloudCheckr, said that regardless of specific policy decisions from the executive branch, we can definitely expect the coming years to see a boom for the cybersecurity industry — particularly as it relates to cloud procurement at the federal level.
Case in point is the recently announced C2E contract, the multibillion-dollar arrangement to provide cloud applications to the U.S. intelligence community, specifically the CIA.
"The whole construct behind C2E is cybersecurity for the intelligence agencies," said Stroman.
In terms of how federal policy may trickle down to state, local and territorial governments, all eyes should be on CISA. The agency has been looking to expand, both in terms of its active operational capacities and its potential role as a benefactor to smaller governments à la hypothetical grant programs.
If the Biden presidency is looking to prioritize national cybersecurity, CISA will surely be a central figure in that process.
Government Technology is a sister site to Governing. Both are divisions of e.Republic.