Microsoft’s president, Brad Smith, has urged President-elect Donald Trump to continue the cyber security work of his predecessor. He pointed out that threat actors from countries like China, Iran, and Russia pose escalating dangers to both the US and global security.
In a conversation with the Financial Times, Smith acknowledged the progress made during President Joe Biden’s term but emphasized the need for more decisive actions to discourage cyber attacks. He criticized Russia for allowing financially motivated ransomware groups to target US and Western organizations, sometimes even supporting these attacks quietly. Smith stated, “I hope that the Trump administration will push harder against nation-state cyber attacks, especially from Russia, China, and Iran. We should not tolerate the level of attacks that we are seeing today.”
The cyber landscape keeps evolving, and there’s rising concern about government agencies facing increased threats. Spencer Starkey from SonicWall pointed out that malicious attacks on government entities are on the rise. In a divided environment, these threats pose significant risks to national security, critical infrastructure, and the safety of sensitive information. Starkey underscored that protecting government networks demands ongoing communication, collaboration with the private sector, and strict penalties to deter future attacks.
As the US cyber security community discusses the future of the Cybersecurity and Infrastructure Security Agency (CISA) amid the presidential transition, questions loom. Since its inception, CISA has carried out impactful operations and worked closely with agencies like the UK’s National Cyber Security Centre. Jen Easterley, its current leader, has enriched its role in advocating for diversity in the industry but will step down in January 2025. Despite CISA’s successes, its future is uncertain, especially given the history of its first director, Chris Krebs, who was removed after challenging Trump’s claims of election interference.
The new head of the Department of Homeland Security (DHS), which oversees CISA, also adds uncertainty. South Dakota Governor Kristi Noem, who has criticized CISA for federal grants, has pushed for cyber security initiatives at the state level but faces a challenging path if confirmed. Moreover, the controversial Project 2025 plan for Trump’s second administration suggests cutting CISA’s funding and shifting some responsibilities to the Department of Transportation.
On the fundamental cyber policy front, ESET’s Tony Anscombe noted that certain issues, like the potential ban on paying ransomware, are unlikely to change under Trump. He highlighted the complexities of such a ban, particularly in life-threatening scenarios in healthcare, where opting to pay might become a necessity. Trump’s approach to using tariffs and sanctions to protect US companies might extend to cyber issues as well. Anscombe speculated that if cyber threats escalate, sanctions on countries harboring cyber criminals could become more prevalent, yet the current sanctions against known cyber crime groups appear ineffective, as payments continue, and accountability remains elusive.