• President-elect Donald Trump’s unique campaign and status as an outsider have made his cyber policy positions difficult to predict.
• Trump’s cybersecurity vision calls for a “Cyber Review Team” composed of law enforcement, military, and private sector experts. The team would conduct a “top-to-bottom” review of U.S. cybersecurity infrastructure.
• Trump’s vision also calls for a comprehensive review of U.S. military cyber capabilities and greater integration with federal, state, and local law enforcement on cyber threats.
• Trump also supports the controversial concept of cyber deterrence built heavily on a robust offensive cyber capability, though this may change.
• On information and communication technologies, Trump has aligned with most Republicans. He has advocated against the transfer of Internet Assigned Numbers Authority (IANA) to international control and has stated he is against the Federal Communication Commission’s ruling on net neutrality.
• President-elect Trump has tended to side with law enforcement over industry and privacy groups regarding encryption and other issues involving the tension between privacy and security.
Throughout both his primary and general election campaigns, President-elect Trump’s unconventional campaign and outsider status have made his policy positions difficult to predict. Unlike his opponents, Trump has not employed high-profile national security or policy professionals who may be able to better enumerate the finer points of his cybersecurity policy. In addition, President-elect Trump’s stances on key issues have changed remarkably over time — at times aligning and conflicting with the Republican establishment — and reflect a more pragmatic than ideological approach to policy issues. These factors have confounded attempts at a more granular understanding of President-elect Trump’s cyber policy.
The Trump campaign has released the broad strokes of his cybersecurity policy on his campaign website. The centerpiece of President-elect Trump’s cybersecurity strategy is a top-down review of the U.S. cybersecurity posture, to include an “immediate review of all U.S. cyber defenses and vulnerabilities, including critical infrastructure.” This “Cyber Review Team” would consist of key individuals from stakeholder groups such as military, law enforcement, and the private sector. This proposal is remarkably similar to President Obama’s Commission on Enhancing National Cybersecurity.
For military cyber defense, President-elect Trump has promised to order a comprehensive review of U.S. military cyber capabilities. He has stated that he will order the Secretary of Defense and Chairman of the Joint Chiefs of Staff to conduct a review of United States Cyber Command (CYBERCOM). The review will focus on “both offense and defense in the cyber domain.” This review comes at a critical time for CYBERCOM, as both the Department of Defense and both Houses of Congress are in a heated debate over the fate of the agency. The discussion centers around whether to split it off from its integration with the National Security Agency, promote it to a full combatant command, or, as some have advocated, create an entirely military cyber force. Republicans are split on the issue, and President-elect Trump has not taken a firm stance.
Trump has also advocated strengthening the United States’ arsenal of offensive military cyber capabilities, though it is unclear what this means. Trump’s website states that he will “develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately.” Trump has called out cyber intrusions by both China and North Korea as examples where the United States should “respond appropriately.” The effectiveness of robust and visible offensive cyber capabilities as a deterrent has not been proven, and Republican national security circles appear to be split on the issue. President-elect Trump’s stance on cyber deterrence and proportional response in the cyber domain could continue to evolve as new advisors join his transition team.
Trump’s campaign plans to “instruct the U.S. Department of Justice to create Joint Task Forces throughout the U.S. to coordinate Federal, State, and local law enforcement responses to cyber threats.” In general, Trump has sided with law enforcement in weighing privacy versus security, stating he would “err on the side of security.” In the recent debate over encryption, Trump sided with law enforcement over civil liberties organizations and the technology community. In the FBI’s court battle against Apple to unlock the iPhone of the San Bernardino shooter, Trump publicly sided with the FBI. Given these facts, it is possible that President-elect Trump would be in favor of government-mandated backdoors for law enforcement on digital devices protected by encryption.
President-elect Trump’s policies have generally aligned with the mainstream Republican establishment regarding regulation of Internet carriers, technology, and oversight and regulation of ICT infrastructure. Trump has publicly stated his opposition to the Federal Communication Commission’s (FCC) Open Internet Order, which preserved net neutrality — the principle that Internet Service Providers should treat all Internet traffic equally. One of the few known advisors to Trump’s transition team rumored to be in charge of telecom policy, Jeffrey Eisenach, suggested that he “would expect [Trump] to appoint to the FCC [a chairman] who would be inclined to take a less regulatory position.” This is a strong indicator that Trump may attempt to reverse the FCC’s ruling on net neutrality, a stance that aligns closely with many Republican members in the U.S. Congress.
Trump has also advocated against a bill authorizing transfer of the Internet Assigned Numbers Authority (IANA) to be regulated and managed internationally, rather than by the U.S. government. Trump campaign spokesman Stephen Miller has stated, “The U.S. should not turn control of the Internet over to the United Nations and the international community.” The opposition appears to be motivated by fears that countries like China and Russia would be able to impose their own Internet censorship and restrictions on the United States, or the wider global community. Though the bill that allows IANA’s transfer to international control under a non-profit passed, President Trump may continue to press the issue to return IANA to U.S. control under the U.S. Department of Commerce.
Additionally, Trump has advocated against transferring the Internet Assigned Numbers Authority (IANA) to an international body, rather than being managed by the U.S. government. Earlier this year, Trump supported a measure by Senator Ted Cruz (R-TX) that would stop the transfer and keep it under the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA). Regarding the issue, Trump campaign spokesman Stephen Miller has stated, “The U.S. should not turn control of the Internet over to the United Nations and the international community.” The opposition appears to be motivated by fears that countries like China and Russia would be able to impose their own Internet censorship and restrictions on the United States or the wider global community. Though Cruz’s bill ultimately failed to pass, President Trump may continue to press the issue to return IANA to U.S. control under the U.S. Department of Commerce.
Many of President-elect Trump’s stated policy positions appear to have been formed by campaign staff rather than policy experts — a result of his streamlined campaign model and unique strategy, which has focused on broad vision and message over policy details. In the next few weeks and months, however, as his transition team’s circle of advisors expands, President-elect Trump’s cyber policies will likely evolve as more concrete and robust policy positions are formed for his administration. The finer points of these positions will likely be fleshed out further after major cabinet positions are decided and more policy-oriented political appointments become clearer approaching Inauguration Day.