Democrats to Take Charge of Federal Cybersecurity in Election Aftermath

Written by Edward Gately
January 8, 2021

Democrats will have their hands full when dealing with federal cybersecurity.

Now that Democrats have gained control of the presidency and both houses of the Congress, a big question is how this will impact federal cybersecurity.

Federal cybersecurity has made big headlines in recent months. The massive SolarWinds hack led to security breaches at numerous U.S. government agencies. Specifically, the attackers breached the National Telecommunications and Information Administration (NTIA), the Department of Homeland Security (DHS) and more.

And the U.S. Justice Department is the latest federal agency to say it was breached in the hack.

Furthermore, during this week’s insurrection at the U.S. Capitol, rioters stole devices belonging to government officials.

So can we expect to see changes in federal cybersecurity with the Democrats in control? We spoke with Jerry Ray, SecureAge‘s COO, and Heather Paunet, Untangle‘s senior vice president.

Channel Futures: What could Democratic control of the presidency and both houses mean for federal cybersecurity?

SecureAge’s Jerry Ray

Jerry Ray: The Democratic sweep of both the legislative and executive branches offers one of the most essential and necessary elements of sound cybersecurity policy: apolitical and data-driven decision making. Far beyond any changes to the cybersecurity capabilities and posture within government departments and agencies, the adherence to passion-free and data-based cyber policies will encourage the private sector and individuals alike to do the same. Imaginary claims will be replaced by more technical descriptions of the threats, as well as genuine attribution to the bad actors – a la Russia – regardless of any diplomatic stances or international alliances.

It’s not that the Democratic party is entirely altruistic and would not politicize any event or issue, cyber-related or otherwise. In this environment, anything that can be revealed and presented as undisputed and easily verifiable fact will be far easier to adopt by any entity or organization, regardless of political bent.

CF: Are there particular federal cybersecurity issues that likely could be addressed?

JR: The first two obvious moves that Democratic leadership will address will be a correction of some sort regarding the director of the Cybersecurity and Infrastructure Security Agency (CISA) after the ridiculous firing of Chris Krebs shortly after the election, and a deliberate response to the recent cyberattacks against federal agencies enabled through the SolarWinds exploit.

Beyond those more notorious cyber-related issues, Democratic leadership will work on cybersecurity policies related to data protection statutes akin to those in Europe, such as GDPR, and the provision of funding to federal agencies and entities providing critical infrastructure for shoring up their internal systems to prevent and minimize both external and internal threats. This should inspire many states to follow by allocating funds to help protect organizations beyond the direct reach of the federal government, such as school systems and voting infrastructure.

While less newsworthy over the past several months, the privacy concerns of the Democratic constituency will be addressed. Everything from electronic surveillance to protection of data generated and stored by government agencies, corporations and small merchants, will be reviewed and policy presented to diminish the seemingly never-ending cycle of wide-scale data breaches trailed by years of individual suffering through drained bank accounts, identity theft, or similar.

Untangle’s Heather Paunet

Heather Paunet: The impact of the Sunburst [SolarWinds] attack, which was brought to light in December 2020, is still unravelling. The recent media coverage of this attack raised awareness of what can be at stake as victims were found to be U.S. federal agencies such as the DHS, parts of the Pentagon and five branches of the U.S. military.

CF: Are we likely to see any big changes taking place in federal cybersecurity?

JR: Given the acceleration of cyberattacks and the technology that enables them, the likelihood of new policies coming about is impossible to gauge. At a minimum, though, a Democratic-led legislature and presidency makes any progress far more likely than at any point over the past six years. Those aspects that don’t require …