Microsoft president Brad Smith has called on United States president-elect Donald Trump not to break step with his predecessor’s work on cyber security, saying that threat actors working on behalf of China, Iran and Russia present an ever greater threat to American and global security.
Speaking to the Financial Times, Smith praised president Joe Biden’s outgoing administration for its work on cyber security over the past four years, but said “more steps” could be taken in “dissuading and deterring” cyber attacks.
He accused Moscow of tolerating attacks on US and other western organisations by financially motivated ransomware gangs, and in some cases even quietly facilitating them.
“I hope that the Trump administration will push harder against nation-state cyber attacks, especially from Russia, China and Iran. We should not tolerate the level of attacks that we are seeing today,” said Smith during the interview.
“The cyber battleground continues to expand, and there is an increasing global concern, particularly towards government agencies. We’ve seen an uptick in almost all forms of malicious attacks on government[s],” said SonicWall’s executive vice-president of EMEA, Spencer Starkey.
“In a divisive landscape, we’re seeing a continued geo-migration of threats, and governments are under constant cyber threat. These cyber attacks raise concerns about a country’s own national security, critical national infrastructure as well as the safety of sensitive information.
“Protecting government networks relies on constant communication and cooperation, working together with the private sector and imposing strict punishments, to deter future attacks,” said Starkey.
Future of CISA uncertain amid transition
Since the 5 November election, the US cyber security community has been discussing the future of the US Cybersecurity and Infrastructure Security Agency (CISA) during Trump’s second term.
Since its establishment, CISA has led on many impactful operations and disclosures, frequently collaborating with partner agencies such as the UK’s National Cyber Security Centre (NCSC), conducted extensive work on misinformation, and grown the Known Exploited Vulnerabilities (KEV) database into a well-used and trusted global resource.
Under its current leader Jen Easterley, who is stepping down in January 2025, it has also become a leading advocate for diversity in the sector.
However, despite its strong track record, the agency’s future remains unclear. Although established in 2018 under the first Trump administration, CISA’s first director Chris Krebs was ousted after the 2020 election when he rejected the president’s claims of election interference, and this historical clash is among several factors that are influencing the debate.
Other unknown quantities may include the proposed new head of the Department for Homeland Security (DHS) – within which CISA sits. This is current South Dakota governor Kristi Noem, who previously criticised CISA over federal grants made to individual US states, although she has also advocated for the security sector in South Dakota and signed state-level cyber legislation into law this year. Her path forward, if she is confirmed in the role, is unclear.
Similarly, the controversial Project 2025 blueprint for the second Trump administration, which outlines significant changes to many longstanding US policies, similarly proposes a significant reduction in CISA’s funding and argues for transferring some of its functions relating to critical national infrastructure (CNI) to the Department of Transportation (DoT).
Cyber policy
Whatever the future may hold for CISA, ESET chief security evangelist Tony Anscombe told Computer Weekly that on some core cyber policy issues – such as whether or not to ban the payment of ransomware demands – he did not expect much to change under Trump. The US has historically resisted calls for such bans.
“Banning any such payment would be complex. For example, the option to pay in scenarios that are potentially life-threatening in industries such as healthcare are a good example, and a ban could just push payments being made in secret,” he said.
In other areas, he said Trump’s proposals to use more tariffs and sanctions to protect US companies might lead to increased use of these levers on cyber issues too.
“If the cyber issue is deemed significant enough I can envisage sanctions going beyond adding known cyber criminals to the Office of Foreign Asset Control [OFAC], potentially holding the countries that harbour them responsible for their actions and adding sanctions against the countries,” said Anscombe.
“As it stands today, the OFAC sanctions list against known cyber crime groups, individuals or crypto-wallets appears to be ineffective, as does naming and shaming, as payments continue to be made, and to my knowledge, no one has been held accountable for a breach of sanctions – if anyone has breached them.”