President Trump’s Executive Orders Will Damage US Cybersecurity. Here’s Why.
- By now we all probably agree that last weekend was one of the most dramatic in US Government history.
- If you don’t know what I’m talking about, then this blog is not for you.
- It concerns me because it puts our cybersecurity at risk. Hackers don’t typically follow the rules.
Trump signed an executive order that bans certain categories of individuals from entering the USA. Mass chaos followed at US airports that process inbound international flights, including demonstrations by US citizens.
He also signed an executive order that mandates that US Federal “Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information”.
Even now the implications of the directive are unclear. For the past 15 years the US and EU have operated under a Safe Harbor agreement that effectively shielded EU citizens from arbitrary privacy invasion by the US, but even that agreement was in trouble because of increased concern on the part of the EU courts. Given the lack of specificity in the most recent executive order the effect will be confusion, and the result of confusion will be broadly negative for the US.
- Organizations with a worldwide presence will immediately be concerned that their employees traveling to the US for legitimate business reasons will be detained on entry to the US. These same companies will face demands from their non-US employees to keep their personally identifiable information out of the hands of the US government.
- US companies that do business overseas, including cloud providers like Google, Facebook, Microsoft, Amazon and many more, will experience their customers and users questioning whether or not their privacy will be respected by the US government. This will be chilling for the US tech sector. US companies with customers in the affected countries will have a difficult job trying to overcome negative national sentiment towards the US. This will be bad for business, and risks greater intensity of cyber-attacks on US businesses that have foreign interests.
- Negative sentiment toward the US will increase. The role of the new US cyber-czar, Rudy Giuliani, in formulating the travel ban on Muslim immigrants will certainly not be lost on the world. In the cyber-domain this will result in organizations that have a beef with the US government to re-energize and focus their attacks on US businesses and Federal Agencies – this at a time when the US government is the most poorly protected organization in the USA (with a few exceptions).
Cyberattacks, breaches and dumps will increase as a result.
Perhaps President Trump believes that there is no way to be secure online and that there is no way the US can improve its posture without bravado. Unfortunately, the hacker community doesn’t work that way. If there is a weakness, it will be found. It is my firm view that being a leader in cybersecurity would restore the US to a position of economic and information dominance that would protect us for decades to come. The technologies and tools to achieve this are available today.
But like a feisty swaggering drunk, out for a brawl that he will surely lose, Trump is starting his foray into the cyber domain in the wrong way. We join our partners in high technology asking for an end to this immigration ban.