Cybersecurity's uneasy marriage with Washington gets tested by Trump
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Allie Carl/Axios
If the cybersecurity sector and government officials learned anything this week in San Francisco, it's that they're stuck with one another.
- But their uneasy marriage isn't guaranteed to stay intact.
Why it matters: Tensions are high amid federal workforce layoffs, high-profile firings, contract cuts and rising partisan tensions.
- Many executives saw their meetings with government officials and political nominees at the RSA Conference this week — the cybersecurity industry's big annual gathering — as a test of whether their public-private partnerships will survive the new administration.
The big picture: These partnerships were always a tough but essential balancing act.
- Companies have long feared retribution if they disclose security failures that let hackers in.
- They've also questioned the asymmetry of the relationship — sharing threat intelligence with the government and getting little in return.
- Yet each side sees different parts of the threat landscape: Companies face nation-state actors while helping customers, and governments exchange high-value intelligence with global partners.
State of play: Under former President Biden, these partnerships were the strongest they've ever been — but still built on shaky ground.
- Recent cuts to federal contracts and advisory councils — plus the Justice Department's pending investigation into former CISA director Chris Krebs — have eroded trust.
- "We've had very minimal collaboration, as much as we would like [to], with public sector," said Proofpoint CEO Sumit Dhawan during a panel Tuesday. "The partnership has been when something has [already] happened."
Between the lines: The Trump administration's decision to attend RSAC signals they intend to maintain those partnerships, Brandon Wales, a former CISA official, told Axios.
- "We need to continue to mature what that relationship looks like," Wales added. "It shouldn't be static, because our adversaries are continuing to get better."
Reality check: All the "easy" cyber policy issues are done, an industry source told Axios. What's left are the hard ones — like mandating secure-by-design rules for federal contractors and defining roles among overlapping cyber offices.
What they're saying: Cybersecurity companies "know what they are doing when they see a new pattern develop … or something specifically designed to infiltrate our nation's security," Homeland Security Secretary Kristi Noem said during a keynote talk at RSAC on Tuesday.
- "They have to feel like they have the ability to communicate that with us," she added.
Zoom in: Some cybersecurity executives are optimistic the administration will still strengthen ties with industry.
- Kevin Mandia, co-founder of Ballistic Ventures and founder of Mandiant, told Axios he's hopeful the administration will pursue new levers that can deter nation-state hackers.
- "There's tremendous opportunities, and there always have been, to make it so that you don't get sucker-punched in cyberspace," he said.
Yes, but: Cyber leaders are also going public with their concerns about CISA cuts and the Krebs investigation.
- Krebs, in his first public appearance since President Trump's order, said the public should be "absolutely outraged" by the cuts.
- Jen Easterly, his successor, said on a panel that "perhaps the new leadership in the Department [of Homeland Security] … has not had the opportunity to dig deep into the CISA statute."
- She added that Noem would likely find everything she wants CISA to do is "already being done."
- More than 40 cybersecurity professionals signed an open letter this week condemning Krebs' "political persecution."
What to watch: Trump hates the term "private-public partnership," the industry source said — so even if the ties remain, the label may not.
Go deeper: Cyber bipartisanship on the brink
