In a new report, UC Berkeley’s Center for Long-Term Cybersecurity offers suggestions to President Elect Trump.

Now that the election is over, the nation’s attention has turned to President Elect Donald Trump and what a Trump Administration will mean for cyber security. Notably, information security was the only tech-related topic Trump addressed directly on his official website. However, Trump’s plan outlines procedural generalities and does not go into technical specifics, something that is to be expected from a candidate who hails from a business background and has admitted to not being particularly tech-savvy. Since Trump’s election, his cyber security team has been slow to take shape.

In light of this and the fact that data breaches, ransomware attacks, and other cyber crimes are escalating in intensity, frequency, and cost, the Center for Long-Term Cybersecurity at UC Berkeley has come up with a list of five suggestions for President Elect Trump:

1. Publicly Declare a New Era of “Active Defense”

The first suggestion UC Berkeley has is for Donald Trump to make a strong public declaration that the U.S. is entering a new era of “active defense” against cyber crime. In particular, the Center wants two norms established: 1) a more active role for the federal government in responding to nation-state cyber attacks and 2) an acknowledgement that electoral systems are a matter of national security both in the U.S. and abroad, that the U.S. will not interfere with other countries’ electoral systems, and that the U.S. will respond forcefully to any attempts by foreign cyber criminals to interfere with ours.

2. Build Public Awareness of Cyber Security

It is well-known that the weakest link in any organization’s cyber security plan is its people. The overwhelming majority of data breaches are the result of hackers obtaining legitimate login credentials, usually through phishing emails and other social engineering schemes. Unfortunately, most Americans are woefully uneducated on cyber security issues, which is why these incidents keep happening. To mitigate this problem, UC Berkeley would like to see President Elect Trump “make cyber security the next seatbelt” and implement a public awareness and education campaign to make everyday citizens aware of best cyber security practices. The Center would also like to see cyber security taught at the K-12 level as part of basic computer literacy, just as many schools are now teaching basic coding.

3. Address the Cyber Security Skills Shortage

The cyber security field is grappling with a severe skills shortage; there are approximately 200,000 unfilled cyber security jobs in the U.S., and demand is expected to increase by 53% by 2018. To address this problem, the center has three suggestions for President Elect Trump:

• Forgive or, at least, defer student loans for new graduates who want to build careers in the cyber security field;
• Offer special cyber security visas for foreign-trained talent; and
• Establish online education programs so that anyone with the desire to study cyber security can do so.

4. Establish a “Cyber Workforce Incubator”

UC Berkeley points out that a great number of cyber security professionals are concentrated on the West Coast. For numerous reasons, it can be difficult to entice these workers to move to the East Coast, where the federal government is headquartered. The Center suggests that Trump set up a national “Cyber Workforce Incubator,” headquartered on the West Coast, that would allow these professionals “to work on national security challenges without giving up their work cultures and networks.” The Center envisions that these professionals would be given the opportunity to work in the incubator for one to two years at a time, allowing them to serve their country by working on “the most important national security challenges before returning to the private sector refreshed and inspired.”

5. Create a New Government Agency Dedicated to Cyber Security

The Center’s final suggestion is that President Elect Trump set up a new government agency, tentatively called the Cyber Advanced Research Projects Agency (CARPA), to “aggregate existing government and DARPA cyber initiatives and focus specifically on innovating in a field that is increasingly critical to civilian as well as military life.” The Center’s logic is that, in an increasingly digitized world, cyber security has a fundamental part of national security. The defense of our nation’s critical digital infrastructure cannot be left solely to the private sector anymore than the defense of our physical infrastructure and borders.

Throughout his campaign, Donald Trump referred to cyber security in the context of national security. It is possible that his administration will increase spending on cyber security at the federal level and impose more stringent requirements on state and local governments. These would be welcome changes. As the new administration moves forward and coalesces its policies, it’s important that cyber security professionals and private sector businesses vocalize our ideas and issues and ensure that our concerns are heard.

Author's Bio: 

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions.

He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.