What a change of power in Washington means for cybersecurity

Four days before the second inauguration of President Donald Trump, his predecessor President Joe Biden issued an executive order that aimed to create a national cybersecurity strategy across federal agencies, private businesses, and critical infrastructure sectors. While President Trump has been quick to roll back other executive orders in his first weeks as president, President Biden’s eleventh-hour call for enhanced cybersecurity is still intact. This suggests that President Trump’s office is aligned with its foundational principles and that cybersecurity will remain a critical priority.

This isn’t necessarily surprising. Every administration since President Barack Obama has been focused on improving the country’s security posture, and that’s not likely to change. However, with a rise in state-sponsored espionage and increasing focus on artificial intelligence (AI) across sectors, the Trump administration is sure to make some tweaks in how it combats threats against the country. As we head into a second Trump term, here’s what security leaders should keep in mind when building and adapting cybersecurity programs.

1. Emerging threats in a complex geopolitical climate will be a top priority

The previous president’s approach to cybersecurity focused strongly on improving customer experience and modernizing services by prioritizing Zero Trust architecture and Customer Identity and Access Management (CIAM). As nations increasingly vied for dominance in the cyber domain, the Biden administration also acted as an equal opportunity defender against all nation states.

The Trump administration, however, will focus largely on the threat landscape from China and Iran, with a strong emphasis on how AI can help create efficiencies in threat detection and response. This is due in part to state-sponsored actors such as China’s Salt Typhoon group, which engage in cyber espionage, intellectual property theft, and disruptive attacks, often targeting critical infrastructure and government agencies. This volatility within the geopolitical climate makes anticipating and preventing these threats even more challenging, but we can expect the Trump administration to double down its efforts in this area.

2. Deregulation could be a double-edged sword

Modernization of IT infrastructure has been a government focus for more than a decade, but threats have evolved faster than its pace of innovation. There’s a lot of outdated, brittle technology still in place, making deregulation of key technologies an appealing opportunity for modernizing cybersecurity efforts.

For instance, on his first day back in office, President Trump overruled Biden’s regulations around the use of AI. This could foster innovation and reduce bureaucratic hurdles, as AI can be used to automate threat detection, analyze vast amounts of security data, and identify suspicious patterns. However, AI can also be weaponized by malicious actors to create more sophisticated and evasive attacks, potentially making deregulation of the technology a risky move. Without clear guidelines and enforcement, companies might prioritize cost-cutting efforts over robust security practices, leaving them vulnerable to attacks. To avoid damaging consequences, security leaders should balance modernization efforts with strong cybersecurity standards and oversight.

3. Public-private partnerships will power cybersecurity efforts

In line with a business-friendly approach to technology, we can expect the Trump administration to increase collaboration between the public and private sectors to support modernization in cybersecurity. This will provide a well-rounded strategy: The government brings insights into national-level threats, while private companies offer valuable expertise in specific industries. President Trump’s office will work together with businesses and cloud service providers to share threat intelligence, coordinate incident response, and develop joint cybersecurity strategies. 

4. Identity is — and will always be — the front door to data security

Identity theft, account hijacking, and data breaches have become rampant as our lives become increasingly digital. Over the next four years, we can expect to see a greater emphasis on multi-factor authentication, biometric verification, and robust identity governance systems to automate key Identity workflows, improve the user experience, and build a strong security fortress.

At Okta, we’ve always known that Identity and Access Management (IAM) is central to a comprehensive security regime. The Trump administration is not going to change that, but the government’s role in regulating data privacy and protecting identities will be an interesting area to watch. 

To stay up to date on the latest news and insights in Identity and security, subscribe to our Access Granted LinkedIn newsletter.