More Spyware, Fewer Rules: What Trump’s Return Means for US Cybersecurity

Experts are predicting that, should Donald Trump secure a second term in office, his administration will adopt a significantly different approach to cybersecurity compared to the one seen under previous administrations. Key aspects of this shift are expected to include the relaxation of certain cybersecurity rules for businesses, a reduced focus on human rights issues, and a much more aggressive stance toward the cyber capabilities of U.S. adversaries, particularly in nations like China, Russia, and Iran.

One of the most significant shifts that experts anticipate is a relaxation of cybersecurity regulations for businesses. During the Trump administration's first term, the regulatory environment surrounding cybersecurity was somewhat ambiguous. While the administration placed some emphasis on the need for stronger cyber defenses in the private sector, particularly in critical infrastructure areas like energy and finance, Trump was often at odds with the more stringent regulatory frameworks advocated by cybersecurity experts and some lawmakers. His administration favored a more business-friendly approach, pushing for fewer regulations overall, including in the tech and telecommunications sectors.

In a second term, Trump is expected to take a similar stance, favoring deregulation in areas that would lighten the burden on businesses. This could include loosening requirements for businesses to implement certain cybersecurity practices or to report data breaches. For example, companies might face fewer obligations to disclose security vulnerabilities, potentially lowering compliance costs. In particular, experts believe that Trump’s administration would be likely to ease or scale back the mandates put in place by his predecessors, such as those enforced by the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), which require companies to adhere to specific standards for protecting sensitive data.

The rationale behind such moves would likely be rooted in Trump’s broader economic philosophy, which prioritizes deregulation and aims to encourage innovation and growth within the private sector. Proponents of this approach argue that businesses should have more flexibility to determine how they protect their data, rather than being subjected to heavy-handed government rules. Critics, however, warn that this could lead to a less secure digital environment, potentially making the country more vulnerable to cyberattacks. These critics fear that without stricter regulations, businesses might fail to implement the necessary protections, putting personal data and critical infrastructure at greater risk.

Another area where experts expect a change is in the U.S. government’s focus on human rights in the context of cybersecurity. Under previous administrations, particularly during Barack Obama’s and Joe Biden’s presidencies, there has been a notable emphasis on ensuring that human rights considerations are integrated into cybersecurity policy. This includes concerns around online censorship, surveillance, and the protection of citizens’ rights in the digital space. The U.S. has historically been vocal about human rights abuses conducted through digital means, often calling out authoritarian regimes for suppressing freedom of expression, restricting internet access, or using cyberattacks to undermine democratic processes.

However, Trump’s administration has shown less interest in prioritizing human rights on the international stage. His foreign policy during his first term was more transactional, often placing national security and economic interests ahead of human rights concerns. As a result, experts expect that, in a second term, the U.S. could take a step back from advocating for digital human rights, particularly in countries like China and Russia, where the use of cyber tools to monitor and control populations is a growing concern. Rather than focusing on the actions of authoritarian governments in cyber space, Trump’s administration is likely to prioritize combating cyber threats from these nations, regardless of the human rights implications.

On the international stage, experts also expect Trump to take a much more aggressive stance against the cyber armies of U.S. adversaries, especially China, Russia, and Iran. These countries have been behind some of the most significant and high-profile cyberattacks in recent years, ranging from large-scale espionage campaigns to attempts to disrupt critical infrastructure. Under Trump, the U.S. is likely to escalate its offensive cyber capabilities, making use of cyber tools to actively disrupt and retaliate against adversarial cyber operations.

Trump has already shown a willingness to engage in cyber warfare, such as with the U.S. Cyber Command’s efforts to interfere with Russian disinformation operations during the 2018 midterms. In a second term, experts believe that Trump would continue to ramp up these efforts, potentially authorizing more aggressive cyberattacks against foreign adversaries. This could include disrupting foreign government networks, sabotaging the operations of cybercriminal organizations, or using cyber tools to target specific individuals or entities responsible for launching cyberattacks against the U.S. or its allies.

A key component of Trump’s approach to cybersecurity would likely be an emphasis on deterrence and retaliation. His administration is expected to focus on demonstrating that cyberattacks against the U.S. will not go unpunished, signaling to adversaries that there are significant consequences for engaging in cyber espionage or attacks. Trump's more confrontational approach would likely involve greater collaboration with allies to share intelligence and coordinate cyber responses, particularly against common adversaries like Russia and China.

In addition, Trump is expected to continue pushing for increased investment in cyber defense, focusing on strengthening U.S. military and intelligence cyber capabilities. This would include more funding for the U.S. Cyber Command, which has been tasked with both defending against and launching cyber operations, as well as the development of new offensive cyber capabilities. The Trump administration is also likely to encourage private sector partnerships to enhance the country’s overall cybersecurity posture, leveraging the expertise of American tech companies to improve defense mechanisms.

However, this more aggressive stance could bring with it significant risks. The increased use of offensive cyber operations could escalate tensions with adversarial nations, potentially triggering retaliation in the form of cyberattacks against U.S. critical infrastructure or private sector entities. Additionally, there could be concerns about the ethical implications of conducting cyber operations, especially if they result in collateral damage or unintended consequences.

While Trump’s second term would likely see a shift away from some of the more collaborative, human rights-focused approaches that have characterized U.S. cybersecurity policy in recent years, it would also mark a continuation of the administration’s focus on strengthening cyber defenses and taking a harder stance against adversaries. The combination of deregulation for businesses, a reduced focus on human rights, and a more aggressive posture against cyber threats from foreign nations is likely to shape the U.S. cybersecurity landscape in significant ways.

In summary, experts anticipate that Donald Trump’s second term would usher in a cybersecurity policy that is less focused on regulation and human rights and more centered on offensive operations and deterring adversarial threats. While this approach may appeal to businesses looking for fewer regulations and to those prioritizing national security, it could also raise concerns about increased cyber risks and the potential for escalating conflicts in cyberspace. As Trump seeks to reshape cybersecurity policy, his administration’s actions will undoubtedly have wide-reaching implications for both domestic businesses and international relations.