WASHINGTON — The U.S. government needs the business community’s help crafting the right cybersecurity strategy, President Donald Trump’s top cybersecurity official said on Tuesday.
“We need input from you,” National Cyber Director Sean Cairncross said at an event hosted by the Information Technology Industry Council. “You know your regulatory scheme better than I do — where there’s friction, where there’s frustration with information-sharing, what sort of information is shared, the process through which it’s shared.”
Cairncross’s comments come as the White House prepares to unveil its five-page national cybersecurity strategy, which will focus heavily on streamlining regulations to reduce the burden on industry, including critical infrastructure organizations.
The White House wants to revise the current patchwork of cybersecurity regulations “so that form follows function rather than [the rules being] a compliance checklist,” said Cairncross, who has led the relatively new Office of the National Cyber Director since August.
The administration intends to work with companies “to figure out a way that industry can best align its resources with the assets that it needs to protect,” he said.
Administration officials have had “a lengthy engagement with the private sector” as they developed the strategy, Cairncross added.
Business groups, which often complained about the Biden administration’s approach to regulation, could find the Trump administration more amenable to the industry’s views as it implements the new strategy. That could mean looser rules, more corporate representation in government projects and more federal spending on tech services.
Ambitious but brief cybersecurity plan
The strategy will also focus on modernizing the federal government, securing critical infrastructure, building the cybersecurity workforce, maintaining U.S. leadership on emerging technologies and deterring foreign cyberattacks.
The deterrence pillar is likely to be a top priority for the Trump administration. Speaking at the ITI event, Cairncross bemoaned the fact that U.S. policy toward countering hackers has for decades been “very reactive,” and he said the Trump administration is interested in finding new ways to “dent the incentive to engage in that behavior.”
Cairncross did not provide a timeline for the strategy’s release, but he said the White House would publish it “sooner rather than later.” The goal of the brief document, he explained, is “to point a direction for the USG to go so resources and effort can be lined up.”
“We are looking to put points on the board to make things work efficiently, effectively and with maximum impact in all these different priority areas,” he said.
Important partnerships hamstrung
In discussing the strategy and other issues, Cairncross repeatedly emphasized the importance of working closely with industry. “We have to do this in partnership or this mission is not going to succeed,” he said. “Our administration and the President wants to be very forward-leaning and collaborate and partner with the private sector in order to do this.”
At the same time, the Trump administration’s cuts to the Cybersecurity and Infrastructure Security Agency have made that collaboration more challenging and scattershot. CISA has shed key personnel and scaled back important missions as its workforce has struggled with leadership scandals and a lack of direction.
In a similar vein, Cairncross said the administration was committed to convincing other countries to buy telecommunications equipment from Western vendors instead of Chinese competitors, but he did not acknowledge the Trump administration’s elimination of the State Department’s cyber diplomacy bureau, which led those efforts, or the Republican-led Congress’s elimination of a fund meant to subsidize allies’ purchases of Western-made gear.
Chinese technology may cost less up-front, but “there is a bigger price on the back end, and when that bill comes due, it’s a problem,” Cairncross said. “We are doing everything we can do to avoid that.”
AI security policy, information sharing, and coordination
Cairncross also discussed AI, saying his team was working with the White House Office of Science and Technology Policy on “an AI security policy framework.” He offered few details but said the goal was to “ensure that security is not viewed as a friction point for innovation, but it is built into that system.”
With the fate of the 2015 Cybersecurity Information Sharing Act hanging in the balance, Cairncross said the Trump administration has “been very clear” that it wants Congress to reauthorize the sharing legislation for as long as possible. He encouraged companies to hammer that message home in meetings with lawmakers, saying “we need from industry is an echo chamber up on the Hill to make to help make that happen.”
Cairncross is only the third Senate-confirmed national cyber director in the four and a half years since Congress created the role to serve as the president’s chief adviser on cybersecurity policy issues. Speaking at the ITI event, he said he wanted to use his limited authority to bring together the government’s disparate power centers and develop more coordinated policy.
“We are trying to turn a very large, decades-old ship in a new direction,” he said.