Skip to content

Trump’s four steps to tackle cybersecurity, explained

Example Landscape

Photo/Mark Nash

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nullam vitae ullamcorper velit. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae;.

When announcing plans for his first 100 days in office, President Donald Trump listed four steps for addressing cybersecurity: review the infrastructure, add enforcement, improve the cyber army and develop offensive and defensive technology.

The Washington Post published a six-page draft of an executive order on Jan. 26, but Trump halted plans on Jan. 31 to sign it. The order outlined two separate audits — one to review cyber vulnerabilities and the other cyber adversaries — to be completed in 60 days each. The two audits would be completed by the same five-person team, except that the secretary of defense would lead the review of vulnerabilities, while the director of national intelligence would head adversaries.

Once the two audits are completed, a cyber capabilities review would identify “an initial set of capabilities needing improvement to adequately protect U.S. critical infrastructure,” per the order.

“The scope of our cybersecurity problem is enormous. Our government, our businesses, our trade secrets, and our citizens’ most sensitive information are all facing constant cyber attacks,” Trump said in an October 2016 speech.

A report from the United States Government Accountability Office found the number of security incidents in federal agencies has increased from about 5,500 in 2006 to just over 77,000 in 2015. That’s an increase of about 1,300 percent.

The U.S. public is also wary. Cyberattacks was ranked second in a list of global threats to the United States, behind the Islamic State, according to The Atlantic.

Yet the concern about cyberattacks has risen among Democrats but fell among Republicans over the last few years, according to the Pew Research Center. This comes after controversy about Russia’s reported hacking into the Democratic National Committee and participation in the release of emails about Democratic presidential nominee Hillary Clinton.

Trump has downplayed Russia’s involvement in the presidential election, though, even after a meeting with top U.S. intelligence officials.

“While Russia, China, other countries, outside groups and people are consistently trying to break through the cyber infrastructure of our governmental institutions, businesses and organizations, including the Democrat National Committee, there was absolutely no effect on the outcome of the election, including the fact that there was no tampering whatsoever with voting machines,” Trump had said, according to CNN.

Trump has named Thomas Bossert as an adviser on national security, terrorism and cyber attacks, according to The Wall Street Journal. Bossert will manage domestic security concerns, while Michael Flynn, national security adviser for Trump, will police over international threats.

The January executive order falls in line with the first step in Trump’s four-step cybersecurity plan listed on his website. After the audits, Trump plans to conduct regular follow-ups through different federal agencies, and the team will make recommendations that could include internal monitoring, attack and penetration, investigation of suspected hackers or rogue employees and identity protection for government employees, Trump said in October.

Trump also plans to establish protocols and cyber awareness training for all government employees.

The next part would be to instruct the Department of Justice to create joint task forces to coordinate different levels of law enforcement — federal, state and local — and “crush this still-developing area of crime,” Trump said in the October speech.

From there, Trump has said he wants to enhance U.S. Cyber Command, both offensively and defensively, and then develop technology to deter attacks.

“As a deterrent against attacks on our critical resources, the United States must possess the unquestioned capacity to launch crippling cyber counter-attacks,” Trump said in October. “This is the warfare of the future, America’s dominance in this arena must be unquestioned.”

But what’s missing from the plans are clear guidelines about when to call a hack acceptable espionage, an act of aggression or an act of war, according to CNN.

Plus, protecting America’s “critical infrastructure” generally falls under the responsibility of the Department of Homeland Security and the FBI, not the Pentagon, according to The Hill. Trump’s plans include significant roles for the Department of Defense and joint chiefs of staff.

But Trump said it is an “immediate and top priority” of his administration to review cybersecurity, and that is just the beginning of a national discussion about modern-cyber crime and national security threats.