Trust has been in short supply in the nation’s capital in recent weeks, but it is an essential ingredient in developing cybersecurity policy and in making that policy work.
For example, private-sector companies are trying to create zones of trust for sharing sensitive data on cyberthreats among themselves.
And the Department of Homeland Security, FBI and other federal and state agencies are anxious to build enough trust with the private sector that companies will feel comfortable sharing cybersecurity information with the government.
Beyond that, DHS, the Office of Management and Budget and virtually every other federal agency needs to establish a level of trust that each entity is carrying its weight in securing the .gov domain.
Likewise, lawmakers on Capitol Hill need workable ties with their counterparts in the executive branch, with the private sector and among themselves.
But congressional reaction to President Trump’s Cabinet-level nominees show how far they need to go.
The Senate relatively quickly approved three nominations for Cabinet positions with cybersecurity jurisdiction — the secretaries of homeland security and defense, and the CIA director — before the confirmation process descended into partisan warfare.
The nominees for attorney general, secretaries of state, treasury, commerce, health and human services and transportation, and the OMB director, all encountered intense Democratic opposition at the committee level and on the Senate floor.
Secretary of State Rex Tillerson was confirmed by the Senate amid an unprecedented level of opposition. Secretary of Transportation Elaine Chao, the wife of Majority Leader Mitch McConnell, was approved despite the opposition of Minority Leader Chuck Schumer.
Tillerson could be a leading player in trying to develop international norms of behavior in cyberspace; Chao will oversee cyber initiatives such as securing self-driving cars and interconnected transportation systems.
Republicans say Democrats are blocking a floor vote on Commerce Secretary-designate Wilbur Ross despite the absence of any articulated opposition to the nominee.
“They are just blocking everybody,” McConnell’s spokesman said.
Ross’ department has been at the cutting edge of government-industry collaboration on cybersecurity, particularly through the National Institute of Standards and Technology’s framework of cybersecurity standards.
Democratic opposition delayed committee and then floor votes for Attorney General-designate Jeff Sessions, Treasury Secretary-designate Steven Mnuchin and HHS Secretary-designate Tom Price.
Treasury and the Justice Department are at the forefront of efforts to combat international cyber crime.
Meanwhile, OMB Director-designate Mick Mulvaney was approved by the Homeland Security and Governmental Affairs Committee on Feb. 2 despite the opposition of senior Democratic Sen. Tom Carper, Del., at the normally bipartisan panel. OMB plays a central role in securing federal networks.
Cybersecurity wasn’t an issue for any of these nominees, but it could suffer collateral damage from the battle in the Senate.
Trust is vital to cyber policymaking because of the sensitivity of the data involved and the potential for catastrophic attacks.
Trust is the element that allows cyber policy to advance despite natural jurisdictional tensions and jealousies in Congress and the executive branch.
It’s also essential to the long-running, bipartisan effort to replace “silos” — in which government and private-sector security professionals see only pieces of the cyber landscape — with a more collaborative cybersecurity approach.
That has been a longtime goal of cyber experts both inside and outside government.
Observers will be watching to see what effect the current political climate will have on this still-evolving process as the Trump administration begins to put its stamp on cyber policy.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” published by Rowman and Littlefield.
