Rudy Giuliani, who will be cybersecurity adviser to the incoming president, says Americans are going to hear a lot more from Donald Trump on digital threats against the country.
“He’s going to elevate this to a very large priority for the government – and I think by doing this, he’s trying to elevate this as a priority for the private sector,” says Mr. Giuliani, the former New York City mayor, in an interview just after the Trump team announced his new role.
Giuliani says Trump will use his “bully pulpit” as president, launching a broad public campaign to “educate people on how important [cybersecurity] is, even to the point of their own personal protection.”
Trump has pledged to improve the country’s digital defenses, but his answers to questions on the campaign trail about how he’d respond to cybersecurity challenges and Russian hacking were widely panned by cybersecurity experts. As the president-elect is reportedly averse to using personal email or computers, he’ll likely need advice on this highly technical field.
So Giuliani, who now serves as chairman of the global cybersecurity practice at Greenberg Traurig law firm and as chief executive officer of international security consulting firm Giuliani Partners, says he’s working to create an outside council of business and technical leaders to provide unfiltered information to Trump and his team about threats to American industry.
The group will comprise experts working on cutting-edge cybersecurity solutions, and business leaders across industries that have been regular targets of hackers, such as the energy, financial, and transportation sectors, Giuliani says.
“The private sector is spending a lot of time and money trying to protect itself against these intrusions. If everybody who is working on this would get together, sit in one room and share information with each other, I don’t know if we’d solve this problem, but we’d get really close to solving it,” he says.
Giuliani says he’s already inundated with responses from the private sector since the announcement from the Trump transition team on Thursday and is looking forward to a “week off” during inauguration to sort through them.
However, with just days before Trump takes office, tensions between the cybersecurity community and the incoming administration remain. Trump has repeatedly denounced US intelligence officials’ findings that Russia orchestrated cyberattacks against political organizations to influence the election, until conceding this week he accepts the intelligence conclusions during his first major press conference as the president-elect.
Some conflicts between the security community and the government predate Trump, too. The tech community went head-to-head with the Obama administration over end-to-end encryption, arguing that strong security protections are needed to protect users’ personal data from hackers, as law enforcement complained encryption made it much harder to investigate terrorists and criminals.
The standoff, left unresolved during the Obama administration, is likely to continue in the Trump years. During the campaign, Trump took a strong antiencryption stance, going so far as to call for a boycott of Apple when it pledged to fight a court's ruling to help the FBI unlock the iPhone used by the shooter in the San Bernardino terror attack, a move that worried many security and privacy experts.
Giuliani does not believe Trump’s statements on encryption or the intelligence community will prove to be obstacles in gaining the cooperation of the private sector, and promised to hear from all stakeholders’ points of view.
“If we were to do encryption, we would try to bring in all the stockholders – the [tech] companies, and I think you’d have to bring in some of the law enforcement people, have them talk it out and see if there isn’t a solution that can be reached,” he says. “Encryption is a method of providing privacy. It can also be a method that can be used in order to commit crimes the government is unable to uncover. You’ve got two very conflicting things going on and I honestly don’t know the solution nor am I going to give them [the administration] a solution – that’s not my job. What I’m going to do is make available to them all the points of view so they can come to the right decision.”
“I’ll try to be as unbiased as possible,” he adds.
Drawing upon a rotating array of experts providing raw information, rather than specific recommendations, appears to be a different tactic than the most recent effort by President Obama to gather input from the private sector. Obama’s Commission on Enhancing National Cybersecurity was made up of a dozen business, tech and academic leaders who outlined specific priorities for the next decade.
Its recommendations, released last month, recommended that the incoming administration begin to implement new measures, including to establish lasting public-private partnerships, develop international norms for cybersecurity and a new Cybersecurity Ambassador position, and initiate a national program to train 100,000 cybersecurity specialists by 2020.
However, Passcode’s own pool of 160 digital security and privacy experts, in a post-election survey, have already voiced skepticism that cybersecurity will improve in a Trump administration, especially in light of his past comments on encryption, Russian hacking, and the president-elect's admitted personal lack of tech know-how.
What’s more, security experts on Thursday, the day the Trump transition team announced Giuliani’s new role, found the website of his security company – giulianisecurity.com – “woefully lacking” in digital protection.
“You don't need to bring the world's greatest computer minds together in the same room to know that it's a good idea to keep your web server software properly patched,” researcher Graham Cluley says in his blog. “None of us should feel too smug, of course…. But these are the kind of issues that any self-respecting IT guy would have found in a short period of time, and certainly should have been addressed before someone is named as leading the United States's fight against hackers.”
That said, some experts now say Giuliani, a public figure known for his bold and often controversial comments, could serve as an effective advocate for cybersecurity in his new role – if the new administration can approach the issues with an eye to their complexities and subtleties.
“Giuliani has a reputation for being able to cut through bureaucracy, which is good,” says Herb Lin, a senior research scholar for cyber policy and security at Stanford University, who was also on the commission tasked by Obama to improve cybersecurity. “And on the other hand, he has often has a tendency to shoot from the hip. He’s not particularly sensitive to nuance. Overlooking nuance is a problem that many cybersecurity experts have frowned on in the past.”
What’s more, experts say, Giuliani’s business ties have granted him an in with the tech and cyber communities, which could have him poised to recruit some of the industries’ top talents. For his part, Giuliani has built connections to the cybersecurity field for more than a decade, with his firm partnering with accounting giant Ernst & Young in an effort to raise awareness of corporate cyberthreats in 2003. At Greenberg Traurig, he chairs the cyber law practice.
“He’s got a very strong brand out there,” says J.J. Thompson, founder of the cybersecurity firm Rook Security, which worked with the Republican National Committee. “Especially when it comes to dealing with the largest security challenges the country has had to face. He’ll be in a strong position to bring leaders to the table.”
And while Trump’s initial comments have raised concerns for some experts, others say there are reasons to be hopeful about the state of cybersecurity under his leadership. He’s called for amping up US cybersecurity efforts, and for using couriers to send some important documents rather than relying on digital means for all communication, a suggestion that a number of experts in the field applaud.
A new president means new opportunities, Mr. Thompson says. “The [cybersecurity] community is in a position where they can help directly improve the country’s cybersecurity posture,” he says. “Anybody who’s not willing to contribute to that isn’t answering the call for duty.”