Donald Trump has missed a deadline on strengthening US cyber security.
Before he was sworn in, Mr Trump said in a statement the US needs to “aggressively combat and stop cyber attacks.” He vowed to “appoint a team to give me a plan within 90 days of taking office.”
We have now reached 90 days with no team, plan, report, or executive order on anti-hacking.
Michael Sulmeyer, director of the Harvard Belfer Center’s Cyber Security Project and former director of Cyber Policy Plans and Operations at the Defence Department, told The Independent that this should not be a difficult task to complete.
There is no real need for a brand new plan or report given all the information leftover from the Obama administration, according to Mr Sulmeyer.
Mr Trump “inherited a set of proposals” that former President Barack Obama’s cyber security commission delivered in December 2016 and an independent report from the Washington, DC-based think tank Center for Strategic and International Studies, said Mr Sulmeyer, who wrote the military section of the report.
The President’s lack of transparency on cyber security matters – he has not spoken at length on them publicly – could be for security concerns, according to his statement prior to taking office.
He said: “The methods, tools, and tactics we use to keep America safe should not be a public discussion that will benefit those who seek to do us harm.”
However, there was an executive order planned for February 2017 but the White House pulled it with no explanation.
The latest leak draft showed that government agencies would implement an already-existing framework for cyber security outlined by the National Institute for Standards and Technology (Nist), a non-regulatory agency under the Department of Commerce.
Private sector companies have implemented the use of the Nist framework as well.
Mr Trump appointed former New York City Mayor Rudy Giuliani as the head of a task force to build private sector partnerships for cyber security as well. The task force has issued no information publicly to date.
Politico reported that normally the National Security Council (NSC) in the White House would play a role in a report or plan of this type, but a spokesman told them that there was confusion over whose responsibility it is.
Mr Sulmeyer said that everything he has seen “indicates that Giuliani is an informal counsellor... but the lion’s share of the work would fall to the NSC.”
R. David Edelman, director the Project on Technology, the Economy, and National Security (TENS) at Massachusetts Institute of Technology and a former Obama aide on that issue, also told The Independent the NSC should be responsible for this kind of plan or report.
That is if cyber security is really a priority for the administration.
What worries Mr Sulmeyer more than a plan or report is that Mr Trump missing his own deadline “follows a pattern of saying one thing and doing another.” However, Mr Edelman said that even when he worked in the Obama administration, a 60-day policy turnaround took closer to 110.
"Delayed cyber reports are a bipartisan tradition. I suspect the delay has more to do with competing priorities at the White House and a desire to get more buy-in from the agencies that will ultimately execute on the plan," Mr Edelman said.
While the president made comments before taking office on the alleged Russian hacking of the Democratic National Committee during the 2016 election, Mr Sulmeyer pointed out Mr Trump was also tweeting from a “consumer-grade Android phone.”
“If [the phone was] hacked, it could present a very serious compromise to sensitive communications going on around” Mr Trump, he explained.
The White House has not responded to comment on the matter but Mr Edelman thinks the public will see a report or a plan but "rushed policy is bad policy."
"The question is not whether we do, but whether it moves the ball forward...it will be judged on substance."Reuse content