Five key players for Trump on cybersecurity

President Trump’s cyber agenda is largely up in the air, with a hotly anticipated cybersecurity executive order yet to emerge from the White House. 

The administration has, however, put in place some key people who will have a major say on cybersecurity, cyber defense, and IT modernization.

Here are five key players for the Trump administration on cybersecurity.

Rob Joyce

President Trump has put Rob Joyce, the former leader of an elite hacking group at the National Security Agency, in charge of overseeing the federal government’s cybersecurity policy efforts at the White House.

With his background in hacking as the former chief of the NSA’s Tailored Access Operations (TAO), Joyce is widely revered among national security experts and seen as a solid choice for the job of Trump’s “cyber czar” — a position that was established by former President Barack Obama in 2009. 

{mosads}“Rob is a certified cyber warrior,” Joel Brenner, a former NSA inspector general and head of U.S. counterintelligence in the Office of the Director of National Intelligence, told The Hill. “He really knows what the nasty world looks like out there, and I’m pleased that he’s in this job.”

Joyce has also instilled confidence in some lawmakers about Trump’s broader cybersecurity strategy.

“I’m optimistic that [the executive order] headed in the right direction because I think they have brought in some good folks like Rob Joyce and others that are advising on cybersecurity issues,” said Rep. John Ratcliffe (R-Texas), who leads a key congressional cyber subcommittee. 

Still, there is the risk that Joyce’s appointment could sow distrust among industry and privacy and civil liberties types, given his background in intelligence activities.

“There’s going to be a natural skepticism and social distrust of anyone who comes from NSA and from an intelligence background,” Tony Sager, senior vice president at the Center for Internet Security, told NextGov in March. “The only way to get over that is to be engaged so people can see where you’re coming from, and that’s what Rob is going to have to.” 

But Jake Laperruque, senior counsel at the Constitution Project, doubted that privacy advocates would see Joyce as a “red flag,” saying that at the end of the day, his experience will win out. 

“I really don’t think there’s any concern from privacy folks,” Laperruque said. “You want someone who’s qualified.” 

Joyce is sure to play a major role in the rollout and implementation of the cyber executive order. In his first public remarks since taking the job last month, Joyce said that the executive order was “close and nearby,” but offered no details on the timeline. 

Jared Kushner 

Cybersecurity experts widely view information technology modernization as a crucial first step in securing the government’s networks. In his leadership role at the White House’s Office of American Innovation, Jared Kushner has been tasked with spearheading the federal government’s IT modernization efforts.

Kushner, a real estate developer and former publisher of the New York Observer who is also Trump’s son-in-law, has gained wide influence at the White House as senior advisor to the president.

Trump gave Kushner more power at the end of March when he unveiled the innovation office, which will be responsible for making policy recommendations to improve government operations in a number of areas, ranging from creating jobs to improving veterans’ services to modernizing services and technology.

In this role, Kushner will collaborate with the private sector to streamline government operations, advancing Trump’s promise of running the government more like a business. 

While the office is still very new, industry representatives have been encouraged by its creation. 

“The way they are setting up the office has tremendous potential,” said Craig Albright, vice president for legislative strategy at BSA the Software Alliance, a trade group that advocates for the global software industry. “It’s like a national security council for technology issues.” 

“It’s still early,” Albright added. “What we can judge now is how they’re setting it up, what people they’re putting in place.” 

Still, Kushner’s lack of a technology background could sow skepticism about his ability to spearhead government-wide IT modernization. Trump’s rocky relationship with Silicon Valley has already threatened to impede the White House’s efforts to reach out for input from technology companies.

Chris Liddell

Like Kushner, Chris Liddell, an adviser to Trump on strategic initiatives, is playing a large role in coordinating policy for the federal government’s use of IT.

Not only does Liddell, a former executive at Microsoft and General Motors, have a spot in Kushner’s Office of American Innovation, he is also now running the related American Technology Council, which Trump established through executive order on Monday. 

The council is responsible for coordinating the “vision, strategy, and direction” of the government’s use of information technology, according to the executive order.

Liddell and other members of the council — including a number of Cabinet members — will make policy recommendations on how to use IT securely and efficiently throughout the federal government. This will involve considering information on cybersecurity threats and vulnerabilities shared by the director of national intelligence, according to the order.

As a former chief financial officer of Microsoft, Liddell could emerge as Trump’s lifeline to the technology community as he works to lead the government to a better use of IT. The council is expected to meet with Silicon Valley leaders sometime in June. 

Liddell appears to already be engaging with lawmakers on IT modernization efforts. He and Reed Cordish, an assistant to Trump on technology initiatives, have publicly backed a bipartisan bill making its way through Congress that would set up streams of funding to incentivize agencies to swiftly transition to newer, more secure technology. 

Homeland Security Secretary John Kelly

As the leader of the Department of Homeland Security, Secretary John Kelly is responsible for a broad agenda, from securing the southern border to protecting critical infrastructure to evolving threats. 

Kelly has also taken the helm of an agency that plays the civilian lead on securing the nation from cyber threats through the protection of federal networks and information-sharing initiatives with the private sector. 

While DHS’s cyber efforts have evolved in recent years, the department has faced criticism from industry for not sharing cyber threat information quickly or robustly enough. Lawmakers are also seeking legislation that would reorganize the department’s cyber mission, creating one operational agency to handle cyber.  

Kelly, a retired Marine general who headed the U.S. Southern Command during the Obama administration, has taken the lead at DHS at a critical time, with the department seeking to deal with increasing cyber threats. 

James Norton, a former DHS official and adjunct faculty member at Johns Hopkins University, said that Kelly’s military experience is likely to give him credibility with the private sector as DHS works to boost its cyber information sharing initiatives. The Pentagon has long engaged with the defense industrial base on cyber threats. 

“I think his military background will obviously help him because the DOD and intelligence community probably have a 10-year lead on cyber,” Norton said.

“It’s going to be important for him to talk to the Hill to get buy-in from them, and industry.”

Kelly will also have the opportunity to make key moves on extending federal protections to state and local voting infrastructure, which the Obama administration designated as “critical” in its waning days following Russian interference efforts in the presidential election. 

While Kelly has signaled support for keeping the designation in place, some state-level officials have taken issue with the decision. Sen. Claire McCaskill (D-Mo.) has already peppered Kelly with questions on his plans to treat election infrastructure as critical, related to what tools DHS will provide and what additional resources would be needed to fulfill the new mission.   

Defense Secretary James Mattis 

Defense Secretary Jim Mattis will also have the power to make key decisions on cyber in his leadership of the Pentagon, which is developing its own defense and offensive cyber capabilities.

One of the most buzzed about issues is the potential separation of the U.S. Cyber Command from the NSA, two organizations that have shared the same leader since Cyber Command was born out of NSA headquarters in 2009.

Experts and former officials widely view the split as inevitable, following Congress’s decision to elevate Cyber Command to its own war-fighting unit through legislation last year. But some have expressed concerns about splitting the unit too soon, which could create tension or “stove piping” of intelligence information.

The Pentagon told The Hill in February that it is assessing the potential of splitting the two organizations. 

The Pentagon is also at the center of the debate over what constitutes an act of war in cyberspace, an issue that has been a prime focus of lawmakers like Sens. Mike Rounds (R-S.D.) and Angus King (I-Me.).

Mattis is required by law to submit a report to Trump and Congress on the military and nonmilitary options for responding to cyber threats and activity by foreign governments and terror groups, which could be the basis for the new administration’s own definition of cyber warfare.

Mattis has signaled his support for working with other government agencies and departments for developing a national strategy to respond to cyber threats.

Jeff Engle, vice president of United Data Technologies’ federal government sector who has a background in cyber at the Defense Department, said that the Pentagon faces challenges in cyber, given the advancement of technologies and adversaries.

“I would expect he’s looking at cyber along the lines of a new low-intensity conflict,” Engle said of Mattis. 

“Efforts being undertaken are well underway, but not going to be able to move as fast as the technological advances because of the same challenges we are facing everywhere else in cyber.”