In the latest Tech Express, Kirsten Bay, CEO and President of Cyber adAPT, talks to Ellie Burns about President Donald Trump’s cyber security policy…or lack of cyber security policy.
EB: What is Trump’s cyber security policy?
KB: Well, unfortunately, there is nothing formal as of yet – we still have just four paragraphs to go off of. Which by the way, is not policy. At a high level, it isn’t enough. The challenge is his policies do not vary from others and are pretty broad brush in terms of how to implement a solution. This is why I emphasise the need for policy and education.
The country needs to understand how people are being compromised, know there is a standard in place that can be applied to issues impacting our cyber environment, and our government could be the leaders to set an example for this – a top-down strategy. There is also the need for investment in education that I do not see in his policy. My concern is there is so much existing noise around cybersecurity – we need to deal with the significant impact this is having on our economy and I am seeing lip service – we need to understand how to be more effective.
EB: What are the positive aspects of the Trump’s cyber security policy?
KB: My hope is that with this new administration reducing the red tape, it will help accelerate the adoption of policy that we need along with a clearer understanding of the impact of attacks, which will come from a more rapid path to information sharing.
EB: What are the negative aspects of Trump’s cyber security policy?
KB: There is really no focus on cyber in his administration right now. His policy or lack thereof simply speaks to increased spending, digital surveillance, and encryption. There is this sad confluence of events right now with a lack of policy, noise on the corporate side and the poor (and few) CISOs trying to get their job under tremendous pressure and a lack of resources.
EB: Can the cyber security policy be challenged or is it set in stone?
KB: There is no policy initiative on this planet that is set in stone – this needs to be challenged. Don’t even change anything – just develop a program within the government to understand what we can already do for people and what people are not already taking advantage of for their benefit. We need to inventory what we have and what we can offer rather than infusing more spending into more areas.
We are a great country right now – my question is does this new administration not want to shine a light on what is already working
READ MORE: Presidential inaugeration 2017: As Trump prepares to take office, can an election really be hacked?
EB: Will this policy have an impact on the UK?
KB: Without a doubt. We’ve seen a recent uptick in interest from UK/EU companies looking to adhere to their local security policies, because (shocker) if you don’t do it, they will fine you. Whereas here in the US we have this weird policy regulation phobia – we want to say that we have policy, however, we don’t enforce it. in the UK/EU, when they say they’re going to do something, they follow through, audit and fine you. In the US, there are a plethora of ways (mostly involving good lawyers and money) to get out of paying any financial repercussions for not following the rules