President-elect Trump’s initial round of Cabinet selections will inherit vast cybersecurity responsibilities, but have little experience on the issue.
His choices to run the Departments of Commerce, Justice, Treasury, Health and Human Services and even Transportation all will oversee major cybersecurity programs and face decisions on whether to continue Obama administration initiatives in their areas.
Wilbur Ross, Trump’s choice to run the Commerce Department, will take over a key — if not the preeminent — point of interaction between the government and private industry on cybersecurity issues over the past four years.
That starts with the National Institute of Standards and Technology, a Commerce Department agency that produced the framework of cybersecurity standards and extends through department-led engagements on issues such as identifying vulnerabilities in software to working with foreign governments.
Outgoing Commerce Secretary Penny Pritzker, a former business executive, strongly embraced the department’s cybersecurity role and frequently emphasized that government should not regulate around the issue but work in partnership with industry.
Commerce launched a string of “multi-stakeholder” processes with industry partners to sort through complex cybersecurity problems and propose solutions in areas such as securing the emerging Internet of Things, the vast web of interconnected devices ranging from smart refrigerators to self-driving cars.
It probably won’t take much persuading to convince Ross, a private equity investor, to avoid the regulatory track and instead let industry lead on cybersecurity.
The real question is whether cybersecurity gets as much attention on his watch, as Ross is expected to focus heavily on international trade issues and rebalancing the economic relationship with China.
Sen. Jeff Sessions, R-Ala., the choice for attorney general, has been a Senate Armed Services Committee and Senate Judiciary Committee member, so he’s fully briefed on cybersecurity issues. But he hasn’t been a high-profile player and, again, it remains to be seen where he places this on the Justice Department’s priority list.
The DOJ, of course, is on the front lines of fighting international cybercrime.
The Treasury Department is in that fight too, and plays an enormous regulatory role in overseeing how financial firms protect themselves against hacks.
Nominee Steve Mnuchin’s familiarity with online security issues is unclear, but the former Wall Street executive will face immediate calls from the financial industry to trim back and streamline mandatory cybersecurity rules for that sector.
At HHS, Rep. Tom Price, R-Ga., as secretary will face a suite of cybersecurity choices even as he focuses on rolling back Obamacare. One key decision would be how to secure the data of everyone who enrolled in Obamacare if he decides to take down the insurance exchanges established under the law.
Another will be what to do with a special task force set up under the Cybersecurity Act of 2015 and whether to heed industry calls to adopt a universal, voluntary framework for the sector.
Price has been a Ways and Means Committee member, and his views on cybersecurity policy aren’t well-known.
Likewise, Elaine Chao, Trump’s pick for the Department of Transportation, is an unknown on online policy but could play a key role on issues such as ensuring the cybersecurity of autonomous cars. Obama’s transportation secretary helped kick off a government-auto-industry collaboration on self-driving cars that could find favor with the incoming team.
The big choices on cybersecurity — running the Departments of State, Defense and, perhaps most importantly, Homeland Security — are expected to come as early as this week.
Trump also needs to select a new director of national intelligence, and fill numerous sub-Cabinet and staff positions with cybersecurity responsibilities.
Cyber’s place in the Trump administration’s hierarchy of policy priorities should come into greater focus with the next round of selections.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” published by Rowman and Littlefield.
