For years, a mantra in cyber circles was the need for sustained attention to cybersecurity policy at the highest levels of government, starting with the president.
Government officials constantly preached — and still do — the need for corporate CEOs to be personally engaged on cybersecurity, and it came to be expected that the president of the United States would provide an example and be similarly locked in on the issue.
With that background in mind amid the political uproars of President Trump's first seven months in office, a number of players closely involved in cyber policy development were eager to say cybersecurity initiatives are advancing with a seeming immunity from the nation's day-to-day political drama.
"Cyber doesn't seem to be affected by whatever turmoil exists elsewhere," said one business-sector source active in multiple cybersecurity efforts. "I don't see any balls being dropped across government. At the implementation level, things are working."
Another source, with experience on Capitol Hill and within federal agencies, pointed to White House homeland security adviser Tom Bossert and Department of Homeland Security official Christopher Krebs as cyber policy veterans who are helping push forward various policy initiatives.
"I think cybersecurity is one area of policy that is being handled by expert professionals — mostly overworked career civil servants at [the Department of] Commerce and DHS, plus a few solid politicals like Bossert and Chris Krebs at DHS — and has not yet been infected with the poisonous turmoil that characterizes so many other areas," the source said.
The source noted that new chief of staff John Kelly's plan for organizing the White House has yet to be fully revealed, while adding, "But my guess is on balance it will serve to bolster the forces of expert professionalism."
There have been no indications yet on how Kelly's review of the White House will affect homeland security and cybersecurity functions within the White House. Kelly served previously as homeland security secretary.
"Any time a new chief of staff comes into the White House, they will review positions, roles, and responsibilities and how the operation is working," said Kiersten Todt, who was executive director of the Commission on Enhancing National Cybersecurity in 2016. "General Kelly's experience at DHS will be an asset and will be constructive and valuable in how it informs his role at the White House on cyber," Todt said.
But Todt also stressed the need for presidential leadership on cyber.
"We can't advance the cyber policy agenda at the working level of government," she said. "Without White House leadership, government won't be able to get anything done, and we are developing a potentially strong cyber policy apparatus within the White House. NIST did a great job on the [the government's cyber] framework, but as the senior leaders at NIST will tell you, policy is not their mission. While we commend what we all did to make the framework a success, we need senior leadership at the White House and throughout the interagency to effect enduring change on cyber policy."
Cybersecurity veterans say important initiatives are advancing across government and the private sector, including federal agencies' ongoing implementation of the National Institute of Standards and Technology's framework of cybersecurity standards under Trump's recent executive order on cybersecurity.
Other positive indicators that sources pointed to include work on an update to the cyber framework in partnership with industry, and outreach efforts to the private sector on cyber initiatives at the Commerce Department and State Department.
The business-sector source called the Trump executive order an encouraging sign that officials have been able to identify and advance cyber priorities.
"We waited three or four months for the executive order" after an initial draft was pulled back early in the year, the source said. "When it was released in May, it was comprehensive in addressing the national cybersecurity priorities. It assigned responsibility to the right people at agencies. And it was aggressive in getting feedback on issues like deterrence, international engagement and marketplace transparency."
That puts even more importance on efforts to "get it right" within the bureaucracy and among industry sectors.
"There is going to be significant pressure on government and industry to demonstrate that we can implement cybersecurity solutions," the business source said.
The process is underway and there will be plenty of opportunities to assess effectiveness in the coming months.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of "Hacked: The Inside Story of America's Struggle to Secure Cyberspace," published by Rowman and Littlefield.