Cyber world's wishes for Trump 2.0

Business executives and former officials are hopeful President Trump will act fast to name senior cyber leaders, lean hard into cyber offensives, and implement policies to advance AI cyber tools.

Why it matters: The small pool of mostly bipartisan D.C. cyber policy leaders is likely to have an outsized role in shaping Trump's cybersecurity policy during his second term.

The big picture: Trump started his presidency this week as the U.S. responds to two major China-backed cyber operations — one that spied on high-ranking politicians through U.S. telecommunications networks and another that breached various offices in the Treasury Department.

• Coming into office, Trump's advisers have made vague pledges to increase their cyber offensive operations.
• But few people seem to know what that means — and the U.S. already conducts these exercises but typically keeps the details under wraps.

Yes, but: The president has yet to name officials to lead the country's top cyber offices or make specific comments on how he plans to respond to these intrusions.

Zoom in: I asked several influential business leaders and former officials to weigh in on what they hope Trump will accomplish on cybersecurity over the next four years.

• Here's what they had to say:

💥 Go big on cyber offense, several readers told me.

• The new administration should "take a real look at how cyber offensive power might be more effectively integrated into the mix of U.S. hard power and soft power tools in the wake of aggressive actions from adversarial nation-states," Andrew Borene, a former senior officer in the Office of the Director of National Intelligence, said.
• "The Trump Administration should also revisit our approach for dealing with nation-state threats in cyberspace, especially given recent events like Salt Typhoon that target our critical infrastructure. This includes stronger deterrence in the first place," said Brandon Pugh, director of cybersecurity and emerging threats at the R Street Institute.
• "We should move from a primarily law enforcement mindset, where the focus is on building cases, to an interdiction mindset, where the focus is on dismantling adversarial networks," Mike McNerney, senior vice president of security at cyber risk company Resilience, said.

🛡️ Don't forget to invest in cyber defense, too, said Kurtis Minder, CEO of ransomware response firm GroupSense.

• "I agree we should be building cyber weapons, but we should also be investing as much, if not more, in cyber defense strategies — and not just for our critical infrastructure, but also for the constituents of the country in general," Minder said.

💰 Set up a tax credit for small and medium-sized businesses to purchase cybersecurity tools, Dror Liwer, co-founder of cyber startup Coro, said.

• "These companies are being crushed by cybersecurity regulations and the constant threat of cybercriminals, yet they often lack the resources to implement adequate protection," Liwer said. "A tax credit for cybersecurity investments will level the playing field and afford [small and medium-sized businesses] the level of protection they deserve."

🤖 Embrace AI's potential for cybersecurity, Marcus Fowler, CEO of Darktrace Federal, told me.

• "This is crucial for countering the growing risk of AI-powered threats and can also uplift stretched security teams," Fowler said. "It will be critical for the next administration to embrace the significant opportunity that AI cybersecurity presents in defending our nation."

🌐 Strengthen State's cyber diplomacy bureau so the relatively new office can "effectively lead U.S. efforts in shaping the international cyber ecosystem," said Chris Cummiskey, an Obama-era Department of Homeland Security undersecretary.

📋 Review and name new critical infrastructure sectors, where appropriate, several leaders said.

• Cybersecurity firm Forescout wants to see the Trump administration designate space systems as a critical infrastructure sector "within the next 60 days," said Alison King, the company's vice president of government affairs.
• Cummiskey added that he wants to see the administration "develop a comprehensive system to identify and prioritize critical entities, with a focus on Systemically Important Entities" — a policy idea that would provide additional resources to sectors deemed most important.

🏛️ Nominate a national cyber director by the end of January, King added.

• The Biden administration didn't nominate its first national cyber director until April 2021.

Editor's note: This newsletter was corrected to reflect that Andrew Borene is a former senior officer in the Office of the Director of National Intelligence (not a former staffer of the National Security Council).