Donald Trump has cut a swathe through the organisational cybersecurity infrastructure put in place by the Biden Administration, though the outgoing president’s final words on the topic remain curiously untouched.
The Department of Homeland Security this week scrapped all its advisory groups, including the Joe Biden-created Cyber Safety Review Board.
CSRB is best known in security circles for a cutting March 2024 report into Microsoft’s security practices and culture after a 2023 intrusion. It also published a detailed and informative paper on the LAPSUS$ and associated groups’ widespread attacks and social engineering techniques.
The CSRB had been investigating the Salt Typhoon cyberattack on US telecoms infrastructure. According to reports, the acting head of the Department of Homeland Security, Benjamine Huffman, has fired all the members of its advisory committees.
A leaked internal memo says this is part of a commitment to “eliminating the misuse of resources and ensuring that DHS activities prioritize our national security”. Members were welcome to reapply, the memo said, adding “thank you for your service.”
Toby Murray, professor of cybersecurity, writing on The Conversation, said the board was the cyberspace equivalent of the National Transportation Safety Board, which investigates catastrophes like air crashes. Firing the board imperilled the Salt Typhoon probe and meant important lessons might not be learned.
The move came just days after incoming DHS chief Kristi Noem told a confirmation hearing that CISA must be smaller and more nimble. This seems to mean ditching any focus on disinformation and misinformation work, which she said had “gotten far off mission.”
When Noem was governor of South Dakota, she turned down federal cybersecurity funding. Within a year, she revealed her own phone had been hacked, something she put down to the January 6 investigation.
The incoming administration has ripped through other parts of the Biden tech legacy, overturning a slew of the former president’s executive orders, including those on AI safety. Links to these on the White House website are now dead, as are links to the Office of the National Cyber Director, another Biden creation.
However, one small element remains. One of Biden’s last executive orders – 14144, from January 16 – aimed to strengthen and promote innovation in the nation’s cybersecurity.
It laid out detailed timetables for establishing more transparency in government software and cloud supply chains, and for setting guidance on combating cybercrime and fraud. It also demanded the secretary of defense set out a program to use advanced AI models for cyber defense. And it spelled out requirements on space systems and cybersecurity.
It’s easy to see how some, even all, of this might be at odds with the wants list of newly Trump-aligned big tech.
However, 14144 is not included on the list of “Initial Rescissions”. And while it can't be found on the White House website, it lives on at the Federal Register. Which means that it is still officially part of the US’s cyber furniture. For now.