1

THE TRUMP ADMINISTRATION'S CYBER SECURITY POLICIES

Dr. Chris PiersonChief Security Officer & GC

James ShreveCounsel

2

• Introductions

• Public Sector Actions

• Private Sector Actions

• State Reactions

• What we may see ahead

A G E N D A

2

3

I. INTRODUCTIONS

3

4

• Data Breaches broaden to embarrass

• Increased threat to Intellectual Property

• Government response continues to be status quo

• Public & Private Sectors Separated

I . I N T R O D U C T I O N S

4

5I . I N T R O D U C T I O N S

5

6

I I . PUBLIC SECTOR ACTIONS

6

7

7

I I . P U B L I C S E C T O R

8

E X E C U T I V E O R D E RM AY 1 1 , 2 0 1 7

• Public sector focus

• Modernizing tech

• Cloud

8

II. Public Sector

9

45 Days – Report on Priorities (June 25th)

60 days – Workforce development (July 10th)

90 days – Heads to report to OMB risk management report (Aug 9th)

60 days later - OMD Director to submit plan (Oct 8th)

90 days - Modernization report (Aug 9th)

90 days – DHS/Commerce on publicly traded infrastructure (Aug 9th)

90 days – Electrical Assessment (Aug 9th)

90 day – Warfighting and DIB report (Aug 9th)

90 Days – Deterrence & Protection adversary report (Aug 9th)

90 days – International cooperation plans (Aug 9th)

I I . P U B L I C S E C T O R

9

10

120 days – cybersecurity workforce plan (Sept 8th)

150 days – SecDEF ad DNSA (Oct 8th)

150 days – national security related activities (Oct 8th)

180 days – Cyber Report to POTUS (Nov 7th)

240 days – DHS/Commerce report on BotNets (Jan 6th 2018)

I I . P U B L I C S E C T O R

10

11

• Cyber Threat Information Sharing

• (i) Cybersecurity risk management comprises the full range of activities undertaken to protect IT and data from unauthorized access and other cyber threats, to maintain awareness of cyber threats, to detect anomalies and incidents adversely affecting IT and data, and to mitigate the impact of, respond to, and recover from incidents. Information sharing facilitates and supports all of these activities.

• CISA – December 2015

• Easier to share information

• Central point of contact (DHS)

• Protections for data shared

I I . P U B L I C S E C T O R

11

12

• Russia Hacking

• Attribution

• Indicators

• Intel Reports

• Statements to the Contrary

•

I I . P U B L I C S E C T O R

12

13

• Impenetrable Cyber

• Operational Joint Group?

• Intelligence Group?

• Joint Investigations beyond current teams?

I I . P U B L I C S E C T O R

13

14

• DOD/NSA – Co-existed since 2010 under 1 leader

• US Strategic Command (SRATCOM)

• US Cyber Command (CYBERCOM)

I I . P U B L I C S E C T O R

14

15

I I I . PRIVATE SECTOR ACTIONS

15

16

• Actions at staff level

16

• Leadership actions

I I I . P R I V A T E S E C T O R

17

17

I I I . P R I V A T E S E C T O R

• Appointments & Vacancies

18

18

I I I . P R I V A T E S E C T O R

19

19

I I I . P R I V A T E S E C T O R

20

• FCC Privacy Rule

• Nullified in April

• Ability to collect data for customer experience

I I I . P R I V A T E S E C T O R

20

21

• Set aside a key Net privacy rule and FCC voted voted 2-to-1 to temporarily stay a data security regulation within a set of new privacy rules, passed in October 2016.

• That provision would have subjected Internet service providers (ISPs) to different privacy standards than web sites, apps and other Net players.

I I I . P R I V A T E S E C T O R

21

22

• Impacts

• Privacy of Customer data

• IP Address information

• VPN usage

• IoT impacts with broader data gathering and usage

I I I . P R I V A T E S E C T O R

22

23

23I I I . STATE REACTIONS

24

24

I V . S T A T E R E A C T I O N S

Perceived inaction . . .

25

• Regulations rolled back?

• Executive holds

I V . S T A T E R E A C T I O N S

25

26

26

I V . S T A T E R E A C T I O N S

27

• Regulations

• Attorneys General

• States taking action in the void

I V . S T A T E R E A C T I O N S

27

28

28IV. WHAT WE MAY SEE AHEAD

29

• Trade Negotiations

• GDPR Impacts

• Department of State

• Critical Infrastructure & PPD-61 Incident Response

• Executive Order Reports & Implementation

V . W H A T L I E S A H E A D

29

30

• Congress taking up issues

• IoT

• Voting Machines

• Sanctions for Russia

• Legislation

V . W H A T L I E S A H E A D

30

31

31

Christopher T. Pierson, Ph.D., J.D.

EVP, Chief Security Officer & General Counsel

cpierson@viewpost.com

@DrChrisPierson

James T. Shreve, J.D.

Counsel

jshreve@buckleysandler.com

C O N T A C T U S