What Could the Trump Administration Mean for Cybersecurity?

The results of the 2024 US presidential election kicked off a flurry of speculation about what changes a second Donald Trump administration will bring in terms of policy, including cybersecurity. 

InformationWeek spoke to three experts in the cybersecurity space about potential shifts and how security leaders can prepare while the industry awaits change.   

Changes to CISA 

In 2020, Trump fired Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs after he attested to the security of the election, despite Trump’s unsupported claims to the contrary. It seems that the federal agency could face a significant shakeup under a second Trump administration. 

“The Republican party … believes that agency has had a lot of scope creep,” AJ Nash, founder and CEO of cybersecurity consultancy Unspoken Security, says.  

For example, Project 2025, a policy playbook published by conservative think tank The Heritage Foundation, calls to end “… CISA’s counter-mis/disinformation efforts.” It also calls for limits to CISA’s involvement in election security. The project proposes moving the CISA to the Department of Transportation. 

Trump distanced himself from Project 2025 during his campaign, but there is overlap between the playbook and the president-elect’s plans, the New York Times reports.  

Related:2024 Cyber Resilience Strategy Report: CISOs Battle Attacks, Disasters, AI ... and Dust

“I think it safe to say that CISA is going to have a lot of changes, if it exists at all, which I think [is] challenging because they have been very responsible for both election security and a lot of efforts to curb mis-, dis- and malinformation,” says Nash.  

AI Executive Order 

In 2023, President Biden signed an executive order regarding AI and major issues that arose in the wake of its boom: safety, security, privacy, and consumer protection. Trump plans to repeal that order.  

“We will repeal Joe Biden’s dangerous Executive Order that hinders AI Innovation, and imposes Radical Leftwing ideas on the development of this technology. In its place, Republicans support AI Development rooted in Free Speech and Human Flourishing,” according to a 2024 GOP Platform document.  

Less federal oversight on the development of AI could lead to more innovation, but there are questions about what a lack of required guardrails could mean. AI, how it is developed and used, has plenty of ramifications to cybersecurity and beyond.  

“The tendency of generative AI to hallucinate or confabulate … that's the concern, which is why we have guardrails,” points out Claudia Rast, chair of the intellectual property, cybersecurity, and emerging technology practice at law firm Butzel Long.  

Related:Juliet Okafor Highlights Ways to Maintain Cyber Resiliency

While the federal government may step back from AI regulation, that doesn’t mean states will do the same. “You're going to see … California [and] Texas … and other states taking a very proactive role,” says Jeff Le, vice president of global government affairs and public policy at cybersecurity ratings company SecurityScorecard.   

California Governor Gavin Newsom signed several bills relating to the regulation of GenAI. A bill -- the Texas Responsible AI Governance Act (TRAIGA) -- was introduced in the Lone Star State earlier this year.  

Cybersecurity Regulation 

The Trump administration is likely to roll back more cybersecurity regulation than it will introduce. “I fully anticipate there to be a significant slowdown or rollback on language or mandated reporting, incident reporting as a whole,” says Le.  

Furthermore, billionaire Elon Musk and entrepreneur Vivek Ramaswamy will lead the new Department of Government Efficiency, which will look to cut back on regulation and restructure federal agencies, Reuters reports. 

But enterprise leaders will still have plenty of regulatory issues to grapple with. “They'll be looking at the European Union. They'll be looking at regulations … coming out of Japan and Australia … they'll also be looking at US states,” says Le. “That's going to be more of a question of how they're going to navigate this new patchwork.” 

Related:Next Steps to Secure Open Banking Beyond Regulatory Compliance

Cyber Threat Actors  

Nation state cyber actors continue to be a pressing threat, and the Trump administration appears to be planning to focus on malicious activity coming out of China, Iran, North Korea, and Russia. 

“I do anticipate the US taking a more aggressive stance, and I think that's been highlighted by the incoming national security advisor Mike Waltz,” says Le. “I think he has made a point to prioritize a more offensive role, and that's with or without partners.” 

Waltz (R-Fla.) has been vocal about combatting threats from China in particular.  

Preparing for Change 

Predicting a political future, even just a few short months away, is difficult. With big changes to cybersecurity ahead, what can leaders do to prepare? 

While uncertainty prevails, enterprise leaders have prior cybersecurity guidelines at their fingertips today. “It's time to deploy and implement the best practices that we all know are there and [that] people have been advising and counseling for years at this point,” says Rast.