Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

<i>Online Extra</i><br>Trump Cybersecurity Council Resignations Could Mean Disruption for Cybersecurity Policy

By Gabrielle Orum Hernández
September 02, 2017

When President Donald Trump took office earlier this year, cybersecurity policymakers and leaders held high hopes for executive-level policy action around cybersecurity. The administration announced in January it would convene experts to propose cybersecurity within 90 days. Despite missing the plan's self-imposed deadline, Trump did sign a well-received executive order in May calling for enhancements to cybersecurity standards and workforce training.

Those hopes took a potential hit last month, as eight Obama-era appointees to Trump's 28-member National Infrastructure Advisory Council (NIAC) resigned in protest to a wide set of actions from Trump that, according to the group , “have threatened the security of the homeland.” The resignation letter they submitted also criticizes Trump for having paid “insufficient attention” to cybersecurity concerns around critical infrastructure, namely election-related infrastructure.

Fortune reports that former Office of Science and Technology Policy chief of staff Christin Dorgelo and U.S. chief data scientist D.J. Patil are among those who resigned.

Joe Whitley, shareholder at Baker, Donelson, Bearman, Caldwell & Berkowitz and chairman of the firm's government enforcement and investigations group, doesn't think the resignations will have much impact on the cybersecurity policy the administration is likely to put forward. “I don't know that they'll be any real change in the posture of the positions that the committee takes,” he said.

William Carter, a technology policy fellow at the Center for Strategic and International Studies, generally agreed with Whitley. “I'm not sure that will have a huge impact on policymaking,” Carter said of the resignations. “The members that resigned were largely Obama-era appointees. They were people that frankly I don't think the administration listened to particularly closely when they were on the council anyway.”

James Melendres, co-chairman of the cybersecurity, data protection and privacy practice group at Snell & Wilmer, noted that while the resignations may not change much of the council's substance, they're not likely to accelerate policy enactments either. “I think everyone agrees that the resignations are not going to advance the ability of the administration to make policy. Whether or not they truly change the shape or the arc of what this administration elects to do going forward remains to be seen,” he said.

The council was originally formed under President George W. Bush in 2001 as a means to provide private-sector input on the security of public infrastructure. President Barack Obama extended the council's functioning through the end of 2017 by executive order.

Melendres sees the council as part of a broader federal effort to open lines of communication to the private sector around cybersecurity policy. “The federal government, the DOJ [Department of Justice] and the FBI [Federal Bureau of Investigation] in particular have really made an effort to establish a public-private partnership with regards to cybersecurity, both for the purposes of sharing threat indicators but also in terms of providing advice with regards to cybersecurity standards,” he explained.

The resignations could be seen as part of a broader deterioration of the relationship between Trump's administration and company executives, especially in light of similar mass resignations from CEOs and other business leaders from Trump's Manufacturing Jobs Initiative and Strategy and Policy Forum. Trump disbanded both groups via Twitter shortly after those resignations were announced.

Melendres said that the potential disruption of the working relationship between the administration's agencies and the business community around cybersecurity policy development could create some roadblocks for meaningful cybersecurity policy.

“To me it is an issue, because any time we are disrupting the nexus between the government and the private sector, we're really doing ourselves harm, because we do need for there to be coordination and collaboration and information sharing working both ways,” Melendres said.

“I saw firsthand that it was very helpful and necessary particularly for the DOJ to have productive working relationships with the private sector, that's true across the government. If that's disrupted, which I imagine it will be given these resignations, that is setting us back,” Melendres added.

Carter said that despite appearances, the mass departure from NIAC doesn't speak to the ongoing collaboration around cybersecurity between the government and private sector happening a little further away from the Trump limelight: through the administration's bureaucratic agencies.

“There's really a lot of active engagement still particularly at the agency level and the director level within companies. That's where a lot of the actual benefit comes in,” Carter noted.

As per the charges of inaction on cybersecurity mentioned in the resignees' letter, the administration has yet to announce the cybersecurity plan it promised back in January. U.S. Sen. John McCain, R-Arizona, this week also criticized the administration's failure to address cybersecurity concerns, according to reports by the Washington Times, noting that despite the administration's promise to propose cyber policy within 90 days of taking office, “we still have not seen a plan.”

Both Carter and Whitley, however, find the concerns of cybersecurity inaction from the Trump administration more reflective of broader partisan concerns. “That had less to do with cybersecurity than political differences,” Carter said.

Whitley found the partisan tinge of the resignations somewhat confusing, given that the council deals with what he believes to be a fairly bipartisan issue. “U.S. infrastructure and protecting it are issues that transcend politics to some extent, but if someone has a personal concern about what the president is doing, they're free to exercise their constitutional rights to not participate in that organization,” he noted.

Carter qualified that while the broad ideals around cybersecurity policy — such things as protection of critical infrastructure and international collaboration — tend to be fairly bipartisan, discussions of cybersecurity policy implantation get into issues such as liability, regulation, privacy and freedom of speech, issues that tend to stoke more partisan concerns.

“At the high level, there's a bipartisan agreement and a desire to do more. When you get down to the implementation and how to make these things a reality, you get into much more fraught issues,” Carter noted.

*****
Gabrielle Orum Hernández writes for Legaltech News, an ALM sibling of this newsletter. Contact Gabrielle Orum Hernandez at [email protected].

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
COVID-19 and Lease Negotiations: Early Termination Provisions Image

During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.

How Secure Is the AI System Your Law Firm Is Using? Image

What Law Firms Need to Know Before Trusting AI Systems with Confidential Information In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.

Authentic Communications Today Increase Success for Value-Driven Clients Image

As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.

Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support Image

The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.

Generative AI and the 2024 Elections: Risks, Realities, and Lessons for Businesses Image

GenAI's ability to produce highly sophisticated and convincing content at a fraction of the previous cost has raised fears that it could amplify misinformation. The dissemination of fake audio, images and text could reshape how voters perceive candidates and parties. Businesses, too, face challenges in managing their reputations and navigating this new terrain of manipulated content.

How Much Does the Frequency of Retirement Withdrawals Matter? Image

A recent research paper offers up some unexpected results regarding the best ways to manage retirement income.