Trump on Cyber

FROM THE EDITORS AT CYBERSECURITY VENTURES

Q2 2017

TrumpOnCyber.com provides a non-partisan diary of U.S. President Donald Trump’s cybersecurity platform. From press conferences to government reports, this is a comprehensive summary of the administration’s developing policies in the area.

U.S. CYBERSECURITY

Cyber tensions rise over election hacking, global ransomware attacks, and worries about threats to power grids

moragMorag McGreevey

Menlo Park, Calif. – Jun. 30, 2017

Cybersecurity Ventures’ second edition of Trump On Cyber — a new quarterly in our diary series.

President Trump’s noteworthy cybersecurity activities in Q2 included: The announcement of a new bilateral working group between the United States and Israel on cybersecurity; Meeting with energy sector leaders and cybersecurity experts to focus on combating threats to the U.S. power grid; A long-awaited executive order on cybersecurity, which calls for the U.S. government to move to the cloud and modernize its IT infrastructure, including federal agency heads held accountable for protecting their own networks.

THE DIARY

June

Jun. 29. The House Armed Services Committee completed a markup of its version of an annual defense policy bill, which saw many victories for cyber-focused lawmakers in Washington.

Jun. 29. House Democrats are creating an election security task force to study how the government can lock Russian hackers out of the upcoming 2018 elections, said House Minority Leader Nancy Pelosi.

Jun. 29. Former New York Mayor Rudy Giuliani, an unofficial Trump cybersecurity adviser, stated that President Trump will emphasize the U.S. commitment to NATO in his upcoming trip to Eastern Europe and plans to “assure” the countries bordering Russia that “the United States is there to support them.”

Jun. 28. Former US President Barack Obama’s cybersecurity adviser Michael Daniel spoke out to affirm that Russian hackers did not determine the outcome of the 2016 US election cycle.

Jun. 28. The Judiciary Committee, which is currently investigating Russia’s election interference, President Trump’s firing of former FBI Director James Comey any any interference from the Justice Department on FBI investigations, has sent Acting FBI Director Andrew McCabe and Deputy Attorney General Rod Rosenstein a letter requesting information regarding RISA-related actions by the FBI and Justice Department in the court of the investigation of Russian Interference during the past election cycle.  

Jun. 26. The Trump administration announced a new bilateral working group between the United States and Israel on cybersecurity. Tom Bossert, White House homeland security and counterterrorism adviser, disclosed the new partnership.

Jun. 21. President Trump met with energy sector leaders and cybersecurity experts on Wednesday to focus on combating threats to the U.S. power grid. This meeting occurred days after security researchers identified the malware tied to a cyberattack on Ukraine’s power grid last year that, with slight modifications, could be used to disrupt the U.S. electric grid.

Jun. 23. A group of Democratic Senators wrote President Trump and the Department of Energy demanding the administration investigate “Russian capabilities with respect to cyberattacks on [U.S.] energy infrastructure.” The letter referenced CrashOverride — the malware deemed responsible for a Ukrainian power outage last year — as evidence for the need for an investigation.

Jun. 24. Ahead of Prime Minister Narendra Modi’s three-day official visit to the US, India’s Ambassador Navtej Sarna said that Prime Minister Modi and President Trump would discuss crucial issues such as counter-terrorism, security and cyber security.

Jun. 21. An official from the Homeland Security Department told Congress that Russian hackers targeted 21 U.S. state election systems in the 2016 presidential race and a small number was breached. However, there was no evidence that votes were manipulated.

Jun. 19. Secretary of State Rex Tillerson reportedly has a three-point plan to both improve relations and work with Russia. It includes facing global threats posed by the Syrian civil war, the proliferation of North Korea’s missile and defense program, and cybersecurity and cyber-espionage.

Jun. 9. The first deadline approaches for a series of reports commissioned by President Trump’s cybersecurity executive order aimed at protecting U.S. critical infrastructure systems and federal information technology networks from cyberattack risks.

May

May 31. China has postponed enforcement of part of a cybersecurity law that companies warn violates Beijing’s free-trade pledges.

May 30. The congressional investigation into Russian meddling in the 2016 presidential election now reportedly includes President Trump’s personal lawyer, Michael Cohen.

May 26. The FBI investigates an attempted overseas cyberattack against the Trump Organization, summoning President Donald Trump’s sons for an emergency session with the bureau’s cybersecurity agents.

May 25. Jared Kushner, President Trump’s son-in-law and senior adviser, has reportedly come under scrutiny in the FBI’s investigation into possible collusion between the Trump campaign and Russia. Investigators are looking into meetings that Kushner had with Russian Ambassador Sergey Kislyak and a Russian banking executive late last year during the presidential transition.

May 23. The federal budget is published. The budget, which right now feels like a Trump-administration wishlist since it needs to pass through Congress to take effect, proposes to spend $1.5 billion on cybersecurity at the Department of Homeland Security. It also calls for increases in cybersecurity-related spending at the FBI and Justice Department.

May 22. Former national security adviser Michael Flynn is reportedly invoking his Fifth Amendment rights and will not comply with a subpoena from the Senate Intelligence Committee issued in connection with the committee’s investigation into Russian election interference.

May 22. Rob Joyce, President Trump’s “cyber czar,” voiced his surprise that the recent WannaCry global ransomware attack did not compromise federal government computer systems. Furthermore, he said he worries about future attacks on power grids and hospitals.

May 22. News of a U.S.-Saudi Arabia  arms deal worth more than $100 billion was widely publicized by the media. This deal was purported to include Abrams tanks, combat ships, missile defence systems, and cybersecurity technology. However, later reports stated that the arms deal was over hyped, largely consisted of pre-existing arrangements from the Obama administration.

May 18. The new cybersecurity order signed by President Trump builds upon the previous administration’s efforts rather than undoing Obama-era policies.

May 17. Governments turn their attention to a possible new wave of cyber threats after the group that leaked the hacking tools which launched the global WannaCry “ransomware” attack warned it would release more malicious code.

May 17. President Trump’s resort and weekend getaway Mar-a-Lago made news for its easily hackable cybersecurity measures.

May 16. Federal agency heads are accountable for protecting their own networks under President Trump’s much-anticipated cybersecurity executive order.

May 15. The White House sought to deflect blame from US intelligence services, after the National Security Agency was accused of “stockpiling” cyber weapons.

May 15. Global ransomware attack underscored the essential tenets of President Trump’s cybersecurity executive order, published just days before.

May 15. White House homeland security advisor Tom Bossert commented that the US has the recent global ransomware attack “under control,” but it could “morph into a more difficult and threatening manner.”

May 15. Meanwhile, internationally, the WannaCry ransomware attacks slowed but fear remained. A spokesperson for police agency Europol said that the situation in Europe “seems stable.”

May 14. President Trump ordered his homeland security advisor Tom Bossert to hold an emergency meeting to assess the threat posed by the global WannaCry computer ransomware attack.

May 14. A cyberattack swept the world infecting thousands of computers in over 150 countries, demanding their owners pay a ransom or risk losing all their data.

May 12. President Trump’s newly passed executive order on cybersecurity to prompt a review the software currently used by the government, which is provided by Russian cyber security provider Kaspersky Lab.

May 11. President Trump signed a long-awaited executive order on cybersecurity, which calls for the U.S. government to move to the cloud and modernize its IT infrastructure.

May 10. National Security Agency director Michael Rogers defended the Trump administration’s delay in releasing its cybersecurity policy, stating that it is hard at work on developing a government-wide cyber strategy.

May 8. The Trump administration’s silence regarding the Russian-backed digital assault towards nationalist candidate Marine Le Pen in the French presidential elections caused consternation among cyber policy specialists and former White House officials.

May 8. Former acting attorney general Sally Yates and former director of national intelligence James Clapper  testify before a Senate Judiciary Subcommittee in regards to the Mike Flynn affair.

May 10. Senators urged the Trump administration to develop a comprehensive strategy for deterring and responding to cyber threats, voicing concerns about vulnerabilities in U.S. infrastructure. “We are exceptionally vulnerable in our system. I do agree that one of the prime things that we have to move is some actual deterrence,” Sen. James Lankford said.

May 1. President Trump is launching a special council to upgrade the U.S. government’s IT services. Chris Liddell, a former Microsoft CFO, will help run the council, the White House said.

April

Apr. 29. After 100 days in office, the Trump administration’s much touted executive order outlining cybersecurity defence priorities and remedies has yet to be released.

Apr. 24. In his first public comments since taking office, White House Cybersecurity Coordinator Robert Joyce assured that the Trump administration is “close” to unveiling its cybersecurity executive order.

Apr. 23. President Trump signs a series of executive orders this week, relating to everything from offshore drilling and agriculture to cybersecurity. These orders came in the run up to the president’s 100th day in office.

Apr. 20. President-elect Donald Trump promised that he would tackle the problem of cybersecurity head on, by “appointing a team to give [him] a plan within 90 days of taking office.” On the 20th, he hit the 90-day mark without a team or clear cybersecurity plan in place.

Apr. 18. Homeland Security Secretary John Kelly laid out the Trump administration’s priorities for his department, listing cybersecurity alongside defending the nation’s borders and stopping terrorist attacks. However, he provided fewer details about the online defensive mission than about the other two priorities.

Apr. 12. Following his phone call with President Trump, Chinese President Xi Jinping made the statement suggesting the two had a very product conversation on a range of topics, including cybersecurity.

Apr. 9. President Trump vowed to speed up approval for one of his main campaign promises: his $1 trillion dollar infrastructure plan. Notably, cybersecurity was not an explicit part of these infrastructure plans.

Apr. 4. Sen. Elizabeth Warren (D-Mass.) said that the Senate shouldn’t confirm a Supreme Court nominee from President Trump while the FBI is still investigating any potential ties between his campaign and the Russian electoral cyber attacks.

Apr. 6. As President Trump prepared to meet the Chinese President, Chinese hackers were linked to espionage on the National Foreign Trade Council. The NFTC hack occurred two months prior in February.

Apr. 5. President Trump removed chief White House strategist Stephen Bannon from his role on the National Security Council.

Apr. 5. The Senate Commerce Committee advanced a bill aimed at boosting resources to help small businesses protect their digital assets from cyber threats. Sen. Brian Schatz (D-Hawaii) introduced the bill last week, with a bipartisan group of senators sponsoring it.

Apr. 3. Prior to President Trump’s visit with Chinese President Xi Jinping, cybersecurity experts were concerned that President Trump’s free form diplomacy could undermine an Obama-era deal with Bejing that curbed Chinese cyberthefts for economic gain.

Morag McGreevey is a freelance writer covering cybersecurity, national security, VC deals, and investing.

grayfooterline

Q1 2017

TrumpOnCyber.com provides a non-partisan diary of U.S. President Donald Trump’s cybersecurity platform. From press conferences to government reports, this is a comprehensive summary of the administration’s developing policies in the area.

FIRST EDITION

Inaugural edition of Trump On Cyber covers the first 100 days

moragMorag McGreevey

Menlo Park, Calif. – Mar. 31, 2017

Cybersecurity Ventures announces Trump On Cyber — a new quarterly in our diary series.

Prior to taking office, President-Elect Trump spoke to the Retired American Warriors PAC in Herndon, Va., and said “Cyber theft is the fastest growing crime in the United States by far. As President, improving cybersecurity will be an immediate and top priority for my administration. One of the very first things I will do is to order a thorough review of our cyber defenses and weaknesses.”

We pick it up from there.

THE DIARY

March

Mar. 31. Russian cyber attacks on Trump White House have not stopped, with prominent Republicans, including House Speaker Paul Ryan and Sen. Marco Rubio, being targeted by coordinated social media attacks.

Mar. 30.  President Trump extended Obama’s executive order on cyber attacks for another year, allowing the government to issue sanctions against people and organizations engaged in cyber crime against the U.S.

Mar. 28. The House voted in favour of blocking internet privacy rules passed by the Federal Communications Commission last year, sending the bill to President Trump who is expected to sign it into law. This bill passed in the House 215 to 205; 15 Republicans voted against it.

Mar. 28. A group of MIT researchers lead by Joel Brenner, former inspector general of the National Security Agency and head of U.S. Counterintelligence in the Office of the Director of National Intelligence, have released a set of eight key cybersecurity recommendations for President Trump.

Mar. 27. Rep. Devin Nunes (R-Calif.) leveled charges that the intelligence community collected information on members of President Trump’s transition team. This allegation drew criticism from Democrats, because he went directly to the White House to inform President Trump before first briefing the House Intelligence Committee.

Mar. 27. NATO was set to spend over $3.2 billion to support the coalition’s cybersecurity and satellite communications programs over the next three years. The funds are pending approval by the 28 governments, including the Trump administration who has repeatedly criticized the effectiveness of NATO.

Mar. 23. The U.S. Chamber of Commerce is making several cybersecurity recommendations for the Trump administration, including soliciting private sector input for a new cybersecurity strategy and modernizing the government’s IT infrastructure.

Mar. 20. Director James Comey confirmed that the FBI is investigating Russian attempts to interfere with the 2016 elections through cyber attacks and other methods, including any relationship between members of Donald Trump’s campaign and Moscow.

Mar. 19. President Trump’s first budget as president put forward $1.5 billion for cybersecurity spending.

Mar. 16. President Trump’s budget blueprint for the federal government proposes $61 million increase for the FBI and Justice Department in 2018 to better combat cybercriminals.

Mar. 16. That same budget blueprint repeatedly cites “effectiveness, efficiency, cybersecurity, and accountability” as a goal.

Mar. 16. Retired Gen. Michael Flynn was paid $11,250 by Russia’s top cybersecurity firm, Kaspersky, in 2015, according to new documents obtained and published by the House Committee on Oversight and Government Reform on Thursday.

Mar. 14. President Trump is poised to select Rob Joyce, the currently chief of the National Security Agency’s secretive Tailored Access Operations (TAO), as his White House Cybersecurity Advisor.

Mar. 12. The House Intelligence committee is asking the Trump administration for evidence that phones in Trump Tower were tapped during the election campaign, after President Trump tweeted “Terrible! Just found out that Obama had my ‘wires tapped’ in Trump Tower just before the victory. Nothing found. This is McCarthyism!”

Mar. 10. The New Democrat Coalition, a group of 30 Democratic lawmakers, sent a letter to President Trump “to highlight the importance of making smart cybersecurity investments, which will more than pay off in the long run.”

Mar. 9. Trump administration leaves key cybersecurity jobs vacant: of the nine agency-level Chief Information Officer (or CIO) roles that are politically appointed, only one is currently filled .

Mar. 8. FBI Director James Comey says that he plans to serve out his entire 10-year term, despite controversy over President Donald Trump’s claims that the Obama administration wiretapped his phones. “You’re stuck with me for another 6-½ years,” said Comey during a cybersecurity conference.

Mar. 6. Industry officials are reviewing the Trump administration cybersecurity executive order, which has been delayed for over a month, when he abruptly cancelled the signing without explanation. This may be a sign that he is coming closer to releasing the order.

Mar. 6. President Trump declared it National Consumer Protection Week, underscoring the need to increase awareness about cyber crime.

Mar. 3. Russian foreign minister blasted the scandal around links between President Trump’s presidential campaign and the Kremlin. Echoing President Trump’s words, he decried the media frenzy as a “witch hunt.”

Mar. 3. President Trump named Grace Koh the special assistant for technology, telecom and cybersecurity. Koh, who previously served as Deputy Chief Counsel to the Subcommittee on Communications and Technology of the Energy and Commerce Committee in the U.S. House of Representatives, is now officially the senior staff member in charge of technology and cybersecurity.

Mar. 1. Top lawmakers on the House Intelligence Committee have set the parameters of their investigation into Russia’s interference in the U.S. election, which includes potential contacts between President Trump’s campaign and Moscow.

February

Feb. 28. Former Indiana Senator Dan Coats sought to reassure lawmakers that he will capably lead the intelligence community, despite some conflicting signals from the Trump administration.

Feb. 27. President Trump said that his first budget proposal would feature major increases to national security spending offset by “greater savings and efficiencies” to federal government spending.

Feb. 20. House Oversight and Government Reform Committee Rep. Ted Lieu, D-Calif., called for an investigation into the personal cybersecurity practices of President Donald Trump and his staff.

Feb. 18. The Trump administration has been consulting technology industry leaders prior issuing its delayed order on cybersecurity.

Feb. 14. Retired General Keith Alexander described a recent meeting with President Trump during which cybersecurity issues were discussed with members of his inner circle: “The President’s demeanor changed to what you would expect of a corporate CEO. […] He listened. He took what they said, restated it, went on to next thing and allowed everyone to talk.”

Feb. 13. President Trump and Canadian Prime Minister Justin Trudeau committed to working together on cybersecurity during their first meeting in Washington, D.C.

Feb. 13. In contrast with previous years, representatives from the White House did not attend the RSA Conference, an important San Francisco-based cryptography and information security-related conference.

Feb. 13. Michael Flynn, the top advisor on the National Security Council, is also under fire after publications reported that Flynn spoke with Russian Ambassador Sergey Kislyak about economic sanctions, despite Flynn’s repeated denials.

Feb. 7. U.S. Homeland Security Secretary John Kelly said he backed a decision in the Obama administration to designate elections systems as critical infrastructure in order to boost their cyber defenses, after the government concluded Russian hackers tried to influence the 2016 presidential race.

Feb. 5. Israeli Prime Minister Benjamin Netanyahu, who is scheduled to visit the White House on Feb. 15, states that strengthening cybersecurity ties between nations will be a top priority.

Feb. 2. Defence Department civilian jobs critical to cybersecurity are safe from the government-wide hiring freeze. A memo from the office of Deputy Defense Secretary Bob Work states that jobs “required for execution of the cyber and intelligence lifecycle operations, planning or support” are exempt from the freeze.

Feb. 1. President Trump delayed signing an executive order to initiate a government-wide review of the nation’s cybersecurity policy led by the Department of Defense and the Department of Homeland Security.

Feb. 1. President Trump told reporters that he will hold “cabinet secretaries and agency heads accountable, totally accountable, for the cybersecurity of their organization.”

January

Jan. 31. President Trump states that before he signs the executive orders for cybersecurity reform, he will hold a “listening session” with cybersecurity experts.

Jan 30. The leaked draft copy of the executive order on cybersecurity is notable because it diminishes the role of the FBI and makes no mention of protecting election systems.

Jan. 27. Washington Post published a draft executive order titled “Strengthening US Cyber Security and Capabilities” to be signed by Donald Trump. The order fleshes out the “cyber review” promised by the President during the election campaign.

Jan. 26. President Trump is considering executive orders calling for the review of parts of the US national security infrastructure, including how the nation addresses cybersecurity threats.

Jan. 25. Cybersecurity adviser Rudy Giuliani states that President Trump has identified Israel as a key partner in the US’s cybersecurity efforts.

Jan. 25. President Trump’s blanket civilian hiring freeze may hurt federal agencies struggling to recruit enough skilled cybersecurity professionals for the nation’s digital defenses.

Jan. 20. Treasury nominee Steven Mnuchin is “very concerned about the lack of first-rate technology at the IRS” and cites the need for cybersecurity and staffing upgrades.

Jan. 13. The Senate Intelligence Committee announced that it will be launching a bipartisan inquiry into Russian intelligence activities, including looking into whether President-elect Donald Trump’s allies were in contact with Russia.

Jan. 12. Rudy Giuliani confirms that he will coordinate regular cybersecurity meetings between President-elect Trump and private sector tech leaders.

Jan. 6. President-Elect Trump disparaged US Intelligence Agencies in relation to suspected Russian hacking during the election lead up, but he also expressed “tremendous” respect for the work that they do. He claimed that Russian hacking had no effect on the election outcome.

Jan. 6. The President-Elect stated that there were Russian attempts to hack the GOP did not impact the election because the Republican National Committee had stronger cyber defences.

Jan. 5. A taskforce of bipartisan lawmakers released a report recommending a detailed cybersecurity agenda for the incoming Trump administration.

Jan 4. President-elect Donald Trump nominanted Wall street lawyer Jay Clayton as the next chairman of the Securities and Exchange Commission. Clayton has a background in cybersecurity, helping to lead Sullivan & Cromwell’s cybersecurity practices.

Jan. 1. President-Elect Trump stated “I think that computers have complicated lives very greatly … we have speed, we have a lot of other things, but I’m not sure you have the kind of security you need.”

Morag McGreevey is a freelance writer covering cybersecurity, national security, VC deals, and investing.

grayfooterline

© 2016-2017 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.