The final week of 2016 overflowed with news about cybersecurity: The Obama administration announced sanctions, expulsions, and other actions against Russian intelligence services and operatives for cyberoperations involving the 2016 elections and thefts from e-commerce companies; the U.S. Attorney’s Office for the Southern District of New York unsealed indictments charging several Chinese nationals with cyberhacking crimes involving the use of stolen law firm passwords to access and profit from material, nonpublic information about corporate acquisitions; the New York Department of Financial Services delayed the January 2017 implementation of new rules that would require financial services companies to establish safeguards against cyberattacks; the Trump transition team tapped Thomas Bossert, a veteran of the Bush 43 administration, to serve as President-elect Donald Trump’s main adviser on cybersecurity with an elevated title equivalent to the national security adviser; and President-elect Trump vowed to make cybertheft a “priority” and stated on New Year’s Eve that “no computer is safe.”
With just weeks until the Presidential inauguration, this column considers how a Trump Administration might approach cybersecurity issues, particularly criminal prosecutions and regulatory oversight. Trump prognosticators have typically read the tea leaves to be business flavored—how will Trump, the businessman, view a particular issue? The cyberecosystem, however, presents a dynamic mix of issues involving risk assessment, politics, and foreign policy, which sets it apart from other typical business-related activities.
