Four years may be a long time in politics, but it is even longer in cybersecurity. As President Trump re-enters the White House, he and his Administration are returning to a cyber-political landscape that has evolved significantly since he left office in 2021. What challenges will the new administration face and what might President Trump’s record on cybersecurity indicate about the likely approach in 2025 and beyond?
When President Trump was last in office, he signed the nation’s first cybersecurity strategy in 15 years. The strategy took a more robust approach to attributing attacks to rogue states and supported the use of offensive cyber activities to combat adversaries. He also mandated the modernization of IT infrastructure at federal agency level, in recognition that outdated systems represent significant cyber risk.
During the intervening four years, the geopolitical and cyber landscape has shifted and evolved. Conflict in Europe and the Middle East is extending into the digital theatre while existing threats such as ransomware, malware, denial of service, and social engineering have intensified and grown more sophisticated—in part due to the emergence of Generative AI. Artificial Intelligence of all varieties is adding a new dimension to both attack campaigns and defensive strategies, and regulatory authorities are struggling to keep pace with AI’s risks and opportunities.
We’ve also witnessed significant disruptive attacks via supply chains, such as SolarWinds, and on critical national infrastructure, in the shape of the Colonial Pipeline attack in 2021 and recent revelations relating to the level of Chinese infiltration of commercial telecommunications infrastructure. These have prompted regulatory action to improve software supply chain resilience through greater accountability for software companies and the adoption of secure-by-design principles. President Biden built on the previous drive to modernize federal IT systems by mandating the implementation of zero-trust security. He also signed the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which requires critical national infrastructure organizations to report substantial cyber breaches within 72 hours.
Reflecting the bipartisan nature of cybersecurity, the 2023 National Cybersecurity Strategy built on several elements of the 2018 approach, reiterating the “defend forward” offensive cyber approach. However, it went further in terms of private sector regulation, seeking to establish legislation incorporating NIST standards and guidelines.
Looking forward: balancing national cyber resilience with light-touch regulation
As the new Administration gets to work, it will be acutely aware that a strong cybersecurity posture is essential to underpin the nation’s ambitions for progress and prosperity. With the President’s pre-election commitment to focus on artificial intelligence, cryptocurrency, and strategic competition with China, we can also expect policy transformation and potentially bold regulatory shifts—but there will certainly be areas of tension.
Key amongst these will be boosting national cyber resilience and promoting AI advances without increasing the regulatory burden. Days before leaving office, President Biden issued an Executive Order (EO) that mandates the securing of the federal software supply chain and its communication networks to counter nation-state threats, as well as requiring federal agencies to implement AI tools to defend critical infrastructure. The EO also looks at emerging risks, such as space and satellite system security. Effectively, it offers a blueprint for the next administration and a bid for a responsible transition of cybersecurity governance. The Republican approach trends towards rejecting centralized federal power in favor of devolving responsibility to individual state levels and reducing administrative obligations, and President Trump may review the EO in the coming weeks. However, the borderless nature of cyber threats and AI, the scale of worldwide commerce, and the globally interconnected digital ecosystem pose significant challenges that transcend partisanship. As recent experience makes us all too aware, an attack originating in one country, state, sector, or company can spread almost instantaneously, and with devastating impact.
Consequently, whatever the ideological preferences of the Administration, from a pragmatic perspective cybersecurity must be a collaborative national (and international) activity, supported by regulations where appropriate. It’s an approach taken in the European Union, whose member states are now subject to the Second Network Information Security Directive (NIS2)—focused on critical national infrastructure and other important sectors—and the financial sector-focused Digital Operational Resilience Act (DORA). Both regulations seek to create a rising tide of cyber resilience that lifts all ships, and one of the core elements of both is a focus on reporting and threat intelligence sharing. In-scope organizations are required to implement robust measures to detect cyber attacks, report breaches in a timely way, and, wherever possible, share the information they accumulate on threats, attack vectors, and techniques with the EU’s central cybersecurity agency (ENISA). Armed with this intelligence, ENISA seeks to devise coordinated large-scale threat responses, advise on mitigation strategies, and educate and inform organizations.
While the NIS2 and DORA regulations—which go so far as to stipulate pen-testing frequency and specify tool implementation—may be viewed as overly prescriptive, the incredible value of intelligence sharing for bolstering resilience should not be overlooked. Knowledge, in this case, is most definitely power, and we hope to see the new Administration supporting initiatives to enhance and develop threat intelligence sharing.
Threat intelligence sharing via a public-private partnering approach
Certainly, there is strong potential to draw on established networks to foster a stronger and more effective cyber threat intelligence (CTI) sharing culture. Information Sharing and Analysis Centers (ISACs) are established in industries from Energy and Information Technology to Transport, Financial Institutions, and Healthcare as designated forums for sharing key information on indicators of compromise, emerging threats, and techniques. Many are international in scope, matching the borderless nature of cyber threats.
Industry ISACs also act as an important forum supporting information exchange between federal and local government authorities, including the Multi-State ISAC, and the private sector. This opens the wealth of private sector expertise shaped by companies’ experience—at international as well as local level—to bodies including the Cybersecurity and Infrastructure Security Agency (CISA) at federal level, as well as to local and regional intelligence agencies.
Although there will undoubtedly be nuances and changes in how the new Administration approaches the cybersecurity challenge compared to its predecessor, there is no doubt that national cybersecurity is a bipartisan issue of deep concern to all.
This will require collaboration, cooperation, focus, and innovation from all stakeholders in public and private sector organizations in order to shift the advantage away from adversaries. In that sense, intelligence sharing provides the knowledge that underpins cyber-power.