Trump is also unlikely to continue the Biden administrationâs campaign to limit the proliferation of commercial spyware technologies, which authoritarian governments have used to harass journalists, civil-rights protesters, and opposition politicians. Trump and his allies maintain close political and financial ties with two of the most prolific users of commercial spyware tools, Saudi Arabia and the United Arab Emirates, and he showed little concern about those governmentsâ human-rights abuses in his first term.
âThereâs a high probability that we see big rollbacks on spyware policy,â says Steven Feldstein, a senior fellow in the Carnegie Endowment for International Peaceâs Democracy, Conflict, and Governance Program. Trump officials are likely to care more about spyware makersâ counterterrorism arguments than about digital-rights advocatesâ criticisms of those tools.
Spyware companies âwill undoubtedly receive a more favorable audience under Trump,â Feldstein saysâespecially market leader NSO Group, which is closely affiliated with the Trump-aligned Israeli government.
Dubious Prospects
Other Biden cyber initiatives are also in jeopardy, even if their fates are not as clear.
Bidenâs National Cybersecurity Strategy emphasized the need for greater corporate responsibility, arguing that well-resourced tech firms must do more to prevent hackers from abusing their products in devastating cyberattacks. Over the past few years, CISA launched a messaging campaign to encourage companies to make their products âsecure by design,â the Justice Department created a Civil Cyber-Fraud Initiative to prosecute contractors that mislead the government about their security practices, and White House officials began considering proposals to make software vendors liable for damaging vulnerabilities.
That corporate-accountability push is unlikely to receive strong support from the incoming Trump administration, which is almost certain to be stocked with former business leaders hostile to government pressure.
Henry Young, senior director of policy at the software trade group BSA, predicts that the secure-by-design campaign will âevolve to more realistically balance the responsibilities of governments, businesses, and customers, and hopefully eschew finger pointing in favor of collaborative efforts to continue to improve security and resilience.â
A Democratic administration might have used the secure-by-design push as a springboard to new corporate regulations. Under Trump, secure-by-design will remain at most a rhetorical slogan. âTurning it into something more tangible will be the challenge,â the US cyber official says.
Chipping Away at the Edges
One landmark cyber program canât easily be scrapped under a second Trump administration but could still be dramatically transformed.
In 2022, Congress passed a law requiring CISA to create cyber incident reporting regulations for critical infrastructure operators. CISA released the text of the proposed regulations in April, sparking an immediate backlash from industry groups that said it went too far. Corporate America warned that CISA was asking too many companies for too much information about too many incidents.
