The Trump administration has quietly consulted technology industry leaders ahead of issuing a delayed executive order on cybersecurity, even as executives have clashed with the White House over policies including the president’s efforts to limit entry to the U.S.
President Donald Trump delayed the signing of a cybersecurity directive that had been planned for Jan. 31 just as legal challenges stalled his effort to ban travel to the U.S. by citizens of seven predominantly Muslim countries. While no new date has been set for signing the cyber order, executives attending a security conference in San Francisco this week said the administration has sought input to help smooth the rollout.
“People associated with the administration have reached out for feedback to myself and other experts in the industry as they’re thinking through the strategy for cybersecurity and more,” Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike Inc., said in an interview. CrowdStrike was hired by the Democratic National Committee last year to investigate Russia’s breach of its computer systems.
Michael Brown, a retired Navy rear admiral who’s vice president and general manager of cybersecurity company RSA’s Global Public Sector unit, said his and other companies have conveyed what the Trump administration should concentrate on, including public-private partnerships to bolster defenses.
“We have been working our priorities in talking to the administration,” Brown told reporters in San Francisco this week. “We’re trying to influence the conversation around the role the private sector can have with respect to policy and, in fact, engagement -- the ability to respond to the threats that are out there, working together.”
After high-profile breaches at the Office of Personnel Management and the Pentagon during the Obama administration, Trump’s initial draft of the cyber order would have held government agency heads personally responsible for securing their departments’ computers against hackers, according to a Trump aide who asked for anonymity to describe it.
House Homeland Security Committee Chairman Michael McCaul, a Republican from Texas, said the administration still needs to define its cyber policy.
“I’ve been urging the administration to develop a new national cybersecurity strategy as soon as possible,” McCaul said Feb. 14 in San Francisco. “We are feeling tectonic shifts on the virtual ground beneath us, and our current cyber plans just won’t cut it.”
He and others said that based on leaked drafts they expect the administration to order a broad, government-wide cybersecurity assessment, as Trump promised during his presidential campaign.
Some in the private sector are cautious about making judgments on Trump’s cyber policies -- or even being involved in the process -- before the executive order comes out. There was also unease when initial leaked versions of the order had few references to the private sector and its role.
The Information Technology Industry Council, which represents big companies including Adobe Systems Inc., Facebook Inc. and Microsoft Corp., is trying to cultivate ties with the administration. The council sent Trump’s transition team a list of recommendations from its members on how to improve cybersecurity at federal agencies. Based on draft versions of the executive order they say they’ve seen, the directive has “been getting better and has evolved,” said Pamela Walker, the council’s senior director for federal public sector technology.
“Everybody is waiting for the executive order” to see how it affects government agencies and the companies they work with, Walker said in a phone interview. “We thought it was heading in the right direction and aligned with things we’ve been promoting.”
Those drafts promise some continuity with former President Barack Obama’s approach, according to Lisa Monaco, who served as Obama’s homeland security adviser. Monaco cited a focus on an open and innovative internet that’s "prioritized for commerce" as well as on information-sharing.
"The draft I saw, the preamble, you basically could lift that entire paragraph out of President Obama’s cyber strategy," she said Feb. 14 in a speech in San Francisco.
Technology firms have a complicated relationship with Trump. Many of the sector’s executives and employees helped raise money for his campaign rival, Hillary Clinton, and more than 120 companies, from Apple Inc. to Zynga Inc., filed an impassioned legal brief condemning his immigration order.
Those companies and others remain eager to see who Trump names to senior cybersecurity roles. Some advisers from the Obama era have stayed on, but key positions remain unfilled both within the White House and at some federal agencies. Daniel Lerner, a staff member of the Senate Armed Services Committee, said a big question is who will steer Trump’s policies, especially in the Defense Department.
"There’s been some names that have been announced, but I don’t think we’ve received many formal appointments yet, especially on cyber," he said in an interview. He said a key appointment will be who is tapped as the principal cyber adviser to Defense Secretary James Mattis.
The best-known figures working on cybersecurity in the administration so far are former New York Mayor Rudy Giuliani, who Trump has said would lead a committee to work with private-sector experts, and Thomas Bossert, the president’s assistant for homeland security. Monaco said she spent a dozen hours during the transition with Bossert, her replacement, discussing issues such as cybersecurity and the need to replace outdated federal computer systems. Bossert worked on the National Security Council during President George W. Bush’s administration.
CrowdStrike’s Alperovitch said Bossert understands cyber “really well” and realizes the government needs the private sector to combat cyber threats, so the outreach to companies is a “very encouraging sign.”