Infosec Was Trump's Lowest Priority, But He'll Change Bigly
Arthur T Knackerbracket has processed the following story:
Ransomware remains rampant and is a favorite tool of adversaries including North Korea. Other foes continue to place misinformation online in the hope of influencing American opinion.
At home, debate continues to bubble about the best approach to securing businesses, which complain that existing infosec rules and incident reporting regulations vary between jurisdictions, can involve multiple agencies, and also overlap.
How to hold the tech industry accountable when it drops the ball, in terms of security, is another ongoing debate, with some calling for voluntary guidelines that incentivize secure development practices, while others want mandated security standards that make tech companies liable for flaws in their products.
The Republican Party's 2024 election platform document [PDF] mentions infosec just once, in the last paragraph of a 16-page manifesto, as follows:
Republicans will use all tools of National Power to protect our Nation's Critical Infrastructure and Industrial Base from malicious cyber actors. This will be a National Priority, and we will both raise the Security Standards for our Critical Systems and Networks and defend them against bad actors.
None of the executive orders Trump had issued at the time of writing include more detailed information security policies.
But on its first day in office, the administration made two notable security-related changes.
One was to terminate all memberships of advisory committees that report to the Department of Homeland Security (DHS). That impacts infosec because DHS is the parent agency of the Cybersecurity and Infrastructure Security Agency (CISA), which in turn is home to the Cyber Safety Review Board (CSRB) - an org tasked with investigating major cybersecurity incidents.
Killing the board that pressured Microsoft to up its cybersecurity looks for all the world like payback for Microsoft's million dollar gift to Donald Trump's inaugural committee
CSRB is currently investigating the Salt Typhoon attacks on telcos but now appears to lack personnel to finish the job.
The board's past work includes a scathing report that found Microsoft responsible for a "cascade of security failures" that allowed Chinese spies to break into senior US officials' email accounts.
Read more of this story at SoylentNews.