Trump administration should focus on cyber rules, grants and international partnerships, Biden official says
On the same day outgoing President Joe Biden met with President-elect Donald Trump to discuss the transition between them, a top White House cyber official made some recommendations for early cyber priorities for the incoming administration.
In its first 100 days, the Trump administration should build a framework for minimum cybersecurity standards for critical infrastructure companies, establish cybersecurity grants for those in need and deepen international partnerships, said Anne Neuberger, Biden’s deputy national security adviser for cyber and emerging technology.
Neuberger offered those suggestions at an event Wednesday hosted by the Columbia University School of International and Public Affairs in what she called the bipartisan tradition of cybersecurity, having received “the baton” from the prior administrations and passing it on in a world of threats heavily dominated by China, ransomware and artificial intelligence.
“As we think about what the administration has done in each of those areas, we’ve learned a lot about what’s worked, what hasn’t worked,” she said, and the idea is to share “what we learned on both sides.”
There’s some indication of bipartisan continuity ahead on the issue of minimum cybersecurity standards, the lone topic in the 2024 Republican platform referencing cyber.
“We must have minimum regulations across critical infrastructure, because if our pipelines and our ports leave their digital doors and windows open, then it’s too easy,” Neuberger said.
One lesson learned that Neuberger pointed to is that in the aftermath of the 2021 Colonial Pipeline hack, the administration shouldn’t have exerted its emergency authority to issue pipeline cybersecurity regulations before consulting industry. “Lesson No. 1: That wasn’t a good idea,” she said. Subsequent rules have brought in industry on the front end, she said.
It’s also important to measure compliance with those regulations, she said. Under the first inspections required by the pipeline rules in October of last year, 53% of the critical pipelines met the standards, Neuberger said, compared to 100% as of the end of this October. She also noted that rules for rail and aviation, rolled out later than the pipeline rules, jumped from 21% to 68% for rail over the same time frame, and from 0% to 57% for aviation.
How to go forward with future cyber regulations is unsettled, however, because of a Supreme Court ruling this year that overturned the so-called Chevron doctrine about the leeway agencies have to regulate.
“Certainly Chevron represents a challenge to cybersecurity regulations,” Neuberger said. “We believe that the regulations we’ve done are very true both to the letter of the law and the spirit, in that as new technologies were adopted in those sectors, the safety regulations evolve.”
Neuberger said the incoming administration should also focus on grant programs to help smaller government entities detect threats — a recommendation that could prove difficult under Trump’s reported nominee to lead the Homeland Security Department. And it should expand on partnerships like those of the Counter Ransomware Initiative to pressure Russia over its ransomware gangs, and even have more interactions with nations like China to apply pressure over illicit cyber activity, she said.
