President Trump’s Homeland Security Adviser Tom Bossert has drafted a new cybersecurity executive order, which will direct certain agencies to provide reports on their cybersecurity within a set number of days, according to retired Gen. Michael Hayden, who has served as the director of both the National Security Agency (NSA) and the CIA.
Hayden said he has read the draft and characterized it as “what you’d expect,” praising Bossert’s expertise in the field and adding that everyone he knows is celebrating the appointment.
“I think it’s the right kind of executive order, still hasn’t been published,” said Hayden. “Tom is a wonderful choice. That’s heartening.”
Hayden, who spoke Tuesday at the Forcepoint Cyber Leadership Forum, was highly critical of the administration’s previous attempts at cybersecurity policy, specifically initiatives to place the Department of Defense in charge of ensuring the cybersecurity of the Nation’s critical infrastructure.
“I don’t know of anyone who thinks that was a good idea,” said Hayden. “I can’t find anyone in DoD who thinks that was a good idea to give them the responsibility for the cyber defense of critical infrastructure here in the United States.”
Beyond a cybersecurity executive order, Hayden said that he was uncertain of the direction the new administration will take in cyber.
“I don’t know, because I don’t think they know,” said Hayden, explaining that of the 600 positions in the Federal government that are political appointees needing confirmation, only 60 have been named, making it difficult to pin down the new administration’s intended direction.
“I do believe that a Trump-like administration will be more willing than average to embrace a private sector robust role and to create a community and policies that work for the private sector to be all they can be,” said Hayden.
However, Hayden also argued that it wasn’t the government that would ultimately lead the charge in improving cybersecurity, reiterating his comments in January that the private sector will be best positioned to take control in that space.
“Our government is not going to fix this, not because the government is not trying. Our government is always late to need. The cavalry ain’t coming,” Hayden said. “When the government is late to need in the United States, the private sector steps up.”
Hayden explained that the U.S. government will be especially late in addressing cyber because clauses in the Constitution prevent excessive search and seizure, limiting law enforcement’s movement in cyberspace, such as was the case between the FBI’s battle with Apple over access to the San Bernardino shooter’s iPhone. Hayden supported Apple in that case, arguing that the government couldn’t take actions that would harm a private company’s ability to protect citizen data.
Hayden added that much of the United States will have to change its cultural instincts when it comes to cyberspace, by turning first to private companies as protectors rather than law enforcement and the government.