Why cyber needs to be front and center in the transition

Experts warn that past transitions have ignored the lessons learned by outgoing administrations, and the stakes are so high now that the Trump administration needs to heed the advice of Obama's cyber officials.

The incoming Trump administration can't afford to ignore the lessons learned during the Obama administration, according to a group of experts convened to discuss the transition. 

Historically, new administrations have been warned of the importance of cybersecurity policy and yet have tended to ignore the problem until confronted with a crisis.

"We want them to get it from Day One," said Bob Gourley, former CTO at the Defense Intelligence Agency and co-founder and partner at Cognitio. "[The Trump team needs] to understand some of how the technology works, some of how the mission depends upon technology and a lot about the threat.... If those guys don't get it, it doesn't matter what the rest of us do," he said at a policy event hosted by CQ-Roll Call in Washington.

"There are a lot of things that are going to be taking up [the incoming president's] attention," said Steven Chabinsky, general counsel and chief risk officer at CrowdStrike and a member of the President's Commission on Enhancing National Cybersecurity. "This is a really complex issue, and if you don't think about it early in the administration, it's not something that's easily resolvable or that you can catch up to."

Jonathan Litchman, a former intelligence officer and co-founder and CEO of the Providence Group, said the Trump administration needs to recognize from the outset that the executive branch is not well organized to confront cyberthreats. Too many agencies and offices have a piece of cybersecurity, but there isn't a holistic structure and that needs to change.

John Carlin, former assistant attorney general for national security, said the Trump team needs to know that it's entering the cyber battle at a disadvantage.

"We're behind both in terms of defense of government systems but also where we are in our ability to protect the private sector," and more needs to be done faster, he said.

Carlin stressed three priorities for the next administration. First, it must continue to refine the cyber deterrence strategy to raise the cost of launching cyberattacks. Second, the "carrots and sticks" must be rebalanced to foster better information sharing between government and industry. Third, he said the Trump administration will have to confront the growing technological change and threats that come with the internet of things.

The panelists expressed concern that the Trump administration will follow historical precedent and not make cybersecurity a priority from the outset. But that concern was leavened by optimism that there is bipartisan recognition of the importance of cybersecurity and broad agreement on the need to focus on it. Congress also will have to act quickly next year on federal breach notification legislation, reform of oversight of cybersecurity, liability protection and acquisition reform, they said.

Chabinsky said many of the recommendations Obama administration officials will present to the Trump team and many of the recommendations in the presidential commission report due on Dec. 1 will not be novel. Most of the ideas have been on the table for some time, and the challenge has been resourcing and executing the ideas.

"It's execution, but it's based on priority, alignment and solid metrics to make sure that it's effective and cost-effective," he told FCW. "Globally, there's been a lack of attention to the metrics that are needed to see what really works, and as the problem changes and our infrastructure changes and as the threat changes, are we still pursuing even the right solutions?"