<i>Online Extra</i><br>Trump Cybersecurity Council Resignations Could Mean Disruption for Cybersecurity Policy

Joe Whitley, shareholder at Baker, Donelson, Bearman, Caldwell & Berkowitz and chairman of the firm's government enforcement and investigations group, doesn't think the resignations will have much impact on the cybersecurity policy the administration is likely to put forward. “I don't know that they'll be any real change in the posture of the positions that the committee takes,” he said.

William Carter, a technology policy fellow at the Center for Strategic and International Studies, generally agreed with Whitley. “I'm not sure that will have a huge impact on policymaking,” Carter said of the resignations. “The members that resigned were largely Obama-era appointees. They were people that frankly I don't think the administration listened to particularly closely when they were on the council anyway.”

James Melendres, co-chairman of the cybersecurity, data protection and privacy practice group at Snell & Wilmer, noted that while the resignations may not change much of the council's substance, they're not likely to accelerate policy enactments either. “I think everyone agrees that the resignations are not going to advance the ability of the administration to make policy. Whether or not they truly change the shape or the arc of what this administration elects to do going forward remains to be seen,” he said.

The council was originally formed under President George W. Bush in 2001 as a means to provide private-sector input on the security of public infrastructure. President Barack Obama extended the council's functioning through the end of 2017 by executive order.

Melendres sees the council as part of a broader federal effort to open lines of communication to the private sector around cybersecurity policy. “The federal government, the DOJ [Department of Justice] and the FBI [Federal Bureau of Investigation] in particular have really made an effort to establish a public-private partnership with regards to cybersecurity, both for the purposes of sharing threat indicators but also in terms of providing advice with regards to cybersecurity standards,” he explained.

The resignations could be seen as part of a broader deterioration of the relationship between Trump's administration and company executives, especially in light of similar mass resignations from CEOs and other business leaders from Trump's Manufacturing Jobs Initiative and Strategy and Policy Forum. Trump disbanded both groups via Twitter shortly after those resignations were announced.

Melendres said that the potential disruption of the working relationship between the administration's agencies and the business community around cybersecurity policy development could create some roadblocks for meaningful cybersecurity policy.

“To me it is an issue, because any time we are disrupting the nexus between the government and the private sector, we're really doing ourselves harm, because we do need for there to be coordination and collaboration and information sharing working both ways,” Melendres said.

“I saw firsthand that it was very helpful and necessary particularly for the DOJ to have productive working relationships with the private sector, that's true across the government. If that's disrupted, which I imagine it will be given these resignations, that is setting us back,” Melendres added.

Carter said that despite appearances, the mass departure from NIAC doesn't speak to the ongoing collaboration around cybersecurity between the government and private sector happening a little further away from the Trump limelight: through the administration's bureaucratic agencies.

“There's really a lot of active engagement still particularly at the agency level and the director level within companies. That's where a lot of the actual benefit comes in,” Carter noted.

As per the charges of inaction on cybersecurity mentioned in the resignees' letter, the administration has yet to announce the cybersecurity plan it promised back in January. U.S. Sen. John McCain, R-Arizona, this week also criticized the administration's failure to address cybersecurity concerns, according to reports by the Washington Times, noting that despite the administration's promise to propose cyber policy within 90 days of taking office, “we still have not seen a plan.”

Both Carter and Whitley, however, find the concerns of cybersecurity inaction from the Trump administration more reflective of broader partisan concerns. “That had less to do with cybersecurity than political differences,” Carter said.

Whitley found the partisan tinge of the resignations somewhat confusing, given that the council deals with what he believes to be a fairly bipartisan issue. “U.S. infrastructure and protecting it are issues that transcend politics to some extent, but if someone has a personal concern about what the president is doing, they're free to exercise their constitutional rights to not participate in that organization,” he noted.

Carter qualified that while the broad ideals around cybersecurity policy — such things as protection of critical infrastructure and international collaboration — tend to be fairly bipartisan, discussions of cybersecurity policy implantation get into issues such as liability, regulation, privacy and freedom of speech, issues that tend to stoke more partisan concerns.

“At the high level, there's a bipartisan agreement and a desire to do more. When you get down to the implementation and how to make these things a reality, you get into much more fraught issues,” Carter noted.

*****
Gabrielle Orum Hernández writes for Legaltech News, an ALM sibling of this newsletter. Contact Gabrielle Orum Hernandez at [email protected].