How Trump could change cybersecurity
Add Axios as your preferred source to
see more of our stories on Google.
Photo illustration: Shoshana Gordon/Axios; Photo: Oliver Contreras/Pool/Getty Images
Policymakers are preparing for two very different outcomes if former President Donald Trump wins a second term: A world where he overhauls the U.S. approach to defending against nation-state hacks — and another where he leaves everything exactly as it is.
Why it matters: The Republican presidential candidate has yet to present a detailed plan for how he'd approach key cyber issues like securing utilities or combatting Russian ransomware.
- However, a handful of conservative think tanks and advisers are already pushing specific policies, Axios has learned.
- Some, like Project 2025, call for reworking key agencies like the Cybersecurity and Infrastructure Security Agency and the U.S. Cyber Command. Others simply suggest Trump pursue voluntary cyber standards for companies, rather than mandatory regulations.
Driving the news: Iran's hack of Trump's re-election campaign last month will likely encourage him to further target Iran with sanctions and other retaliatory actions, a former government official told Axios.
- Trump is likely to shift offensive cybersecurity work from Russia and North Korea to China and Iran, the former government official added.
The big picture: Cybersecurity has always been a bipartisan issue driven by nation-state threats rather than social or economic issues. Typical partisan lines don't always apply here.
- Trump has drawn a hard trade line with the European Union, but experts aren't sold on that tension spilling over into cyberspace — where international partnerships are essential to catch spies and ransomware gangs.
- While Republican administrations have historically shied away from tough regulations, it's possible Trump could still impose basic cyber requirements for critical sectors in the name of national security, Brandon Pugh, policy director for the R Street Institute's cyber and emerging threats team, told Axios.
Flashback: The Biden administration kept many of the first Trump administration's national security and cybersecurity policies in place.
- The current TikTok ban started as an idea under Trump (although Trump now says he would attempt to rescind it if elected).
- CISA was created during the first Trump administration, and many marquee federal cyber events, like the President's Cup Cybersecurity Competition, started under his term.
Zoom in: Some experts are citing ideas included in Project 2025 to piece together what a second Trump presidency agenda would look like.
- But the roadmap goes further than the official GOP party line. For instance, it calls for abolishing the Department of Homeland Security and rehousing CISA within the Department of Transportation.
- The State Department would also be encouraged to help the military go "on offense" against adversaries, rather than focus on deterring cyber threats.
Yes, but: It's highly unlikely that Trump would pursue all of Project 2025's ideas.
- But experts are wary of completely discounting the whole plan, considering the former president's track record of bold actions and unpredictability.
- The Trump campaign did not respond to a request for comment.
The intrigue: The course of Trump's cyber policy agenda will likely be set by how the former president addresses the role of CISA and how he approaches diplomatic relationships with Taiwan, experts say.
- In 2020, Trump infamously fired the then-CISA director for saying the November election wasn't rigged. Now, experts say they could see Trump choosing to appoint a new director who would advocate for defunding the agency's election disinformation work.
- On Taiwan, Trump told Bloomberg in an interview in July that he's lukewarm on the idea of defending Taiwan from a potential Chinese invasion — a sharp departure from much of the current intelligence community's work and preparations.
What they're saying: "You could wind up seeing a very ad hoc approach to international engagement on cybersecurity in the Trump 2.0 [administration]," Andrew Howell, a cyber lobbyist at Monument Advocacy, told Axios.
- "Expecting the U.S. to engage regional blocs is probably an unrealistic expectation in the first year of the Trump administration."
Between the lines: No matter who wins in November, experts anticipate that the White House will take an opportunity next year to evaluate how best to pursue critical infrastructure regulations.
- The U.S. Supreme Court's recent ruling axing Chevron deference, which gave legal preference to executive agencies to interpret the laws they enforce, has already complicated some of these regulation efforts.
What we're watching: Most of Trump's advisers on cybersecurity likely aren't going to come back for a second administration — creating an opportunity for a new set of characters.
