The document outlines the anticipated cybersecurity approach of the Trump administration, highlighting President-elect Trump's lack of a comprehensive plan but an inclination towards offensive cyber operations. It suggests a preference for private-sector solutions over federal regulation and emphasizes the administration's focus on retaliation against state-sponsored hacking and protecting critical infrastructure. Key influencers in the administration will play significant roles in shaping cybersecurity policies, and companies are encouraged to engage in early discussions to influence the evolving agenda.

1. Cybersecurity under the
Trump Administration
Authors: George Little, Mark Seifert and Siobhan Gorman
November 2016
Brunswick
Intelligence

2. Cybersecurity
under the Trump
Administration
Overview
President-elect Donald Trump
has not laid out a comprehensive
plan to address cybersecurity
challenges. We anticipate that his
views will take shape as he begins
receiving intelligence briefings
that provide details of the cyber
threats facing the country. If Trump
follows the Republican platform,
he will be inclined to step up
offensive cyberattacks in response
to state-sponsored hacking of U.S.
entities. His position on whether
the government should be able to
access encrypted communications
is unclear. When it comes to
bolstering the cybersecurity of
U.S. businesses, he is expected to
support private-sector solutions
over regulation. In terms of the
U.S. government, he has called
for a top to bottom review of its
cybersecurity defenses.
How to respond to the election-
related hacks that U.S. intelligence
agencies have attributed to Russia
will be an early cybersecurity
challenge for the Trump
administration. The Obama
administration has stated publicly
that it will retaliate against Russia
for the hacking. Early signs indicate
Trump will continue this approach
more broadly and consider a
more offensive position to state-
sponsored hacking. A related
decision Trump will face is whether
and when the U.S. government
should retaliate against state-
sponsored hacking when the target
is a U.S. company or other non-
governmental entity.
From a reputational standpoint,
the nascent state of a cybersecurity
policy framework from the Trump
administration allows companies
to offer perspectives as they relate
to issues of interest to business.
Given that Republicans control
both houses of Congress and the
White House, the opportunity
for action is strong. Given the
traditional aversion to regulations
for the private sector, expect
Congressional action to focus on
oversight of implementation of
the Cyber Security Act of 2015,
including business and government
information sharing programs,
and sharing threat information
between the U.S. and other
countries. This Congress will be
looking for ways to spur industry-
government partnerships that
will elevate cyber preparedness
and response. In recent history,
agencies such as the Securities and
Exchange Commission have been
prone to more regulatory action,
but it remains unclear whether
this will continue under the next
administration given the value of
limited regulation to the market.
In addition to oversight of key
cyber issues such as nation state
attacks and threats against critical
infrastructure, the administration
will likely look to the private sector
for guidance.
Key Takeaways
„„ Hacking by foreign
actors, encryption, and
cyberattacks targeting
critical infrastructure are
likely to be the main cyber
issues confronting the Trump
administration.
„„ Private-sector solutions to
cybersecurity issues will
be favored over federal
regulation, providing
companies with an
opportunity to speak out on
issues of interest to business.
„„ Prominent policy influencers
in the new administration
will include Sen. Jeff Sessions
(R-AL) as Attorney General,
Rep. Mike Pompeo (R-KS) as
Director of the CIA, retired Lt.
Gen. Mike Flynn as National
Security Adviser, and K.T.
McFarland as Deputy National
Security Adviser as well as
Silicon Valley billionaire Peter
Thiel.
„„ Companies with a
strong policy position on
cybersecurity should reach
out to the administration and
related influencers early-on
to ensure their involvement in
policy development.
2

3. Companies seeking a particular
policy outcome in the new
administration have the
opportunity to champion policies
in a space that has yet to solidify.
Given the spotlight on cyber issues
during the campaign, companies
with proposals that address cyber-
related concerns can strike early to
influence the debate. Otherwise,
companies without a considered
policy position on cyber-related
issues would do well to monitor the
conversation as the politics and
policies develop over the next six
months.
Cyber Proposals
from the
Campaign
Throughout the campaign,
Donald Trump provided limited
concrete cyber policy proposals
other than promises to make
cybersecurity a “top priority” and
order a “thorough review of cyber
defenses and weaknesses.”
„„ Cyber Threats: At an October
event in Virginia, Trump called
cyberattacks from “China,
Russia, and North Korea… one
of our most critical national
security concerns” and called
for enhanced counterattack
capabilities to respond to state
and non-state actors.
„„ Encryption: Although encryption
is not explicitly included in his
official platform, Trump called
for a boycott of Apple in February
2016 for not helping the FBI access
its encrypted devices.
„„ Internal Review: Trump’s official
cyber platform calls for “an
immediate review of all U.S. cyber
defenses and vulnerabilities,
including critical infrastructure”
by a Cyber Review Team.
3

4. Policy
Influencers
The members of Trump’s
transition team largely agree on
the need for greater retaliation
against state-sponsored hackers,
cyber protections for critical
infrastructure, and backdoors
for federal access to encrypted
devices. An increased reliance on
private sector cyber solutions is
also supported by several members
of the transition team. Although
much remains unclear at this
time, the following individuals and
organizations will be important
sources for the administration as it
moves forward.
Influential Individuals
Sen. Jeff Sessions (R-AL) has been
a member of the Senate Armed
Services Committee and will be
nominated as the next Attorney
General.
„„ Cyber Threats: Sen. Sessions
has criticized the Obama
administration for not adequately
addressing cyber threats and not
creating a comprehensive “cyber
doctrine.” Overall, however, Sen.
Sessions has not been very vocal
on cybersecurity issues.
A former director of the Defense
Intelligence Agency, retired Lt. Gen.
Mike Flynn is also a vice-chairman
of the Trump transition team and
the incoming White House National
Security Adviser.
„„ Cyber Threats: Lt. Gen. Flynn
has been quite vocal about the
“growing” cyber threat of non-
state actors and has called for
retaliatory action against state-
sponsored hacking.
A former aide during three
Republican presidencies, national
security analyst K.T. McFarland
is the incoming Deputy National
Security Adviser.
„„  Cyber Threats: McFarland
has suggested that the U.S.
is currently in a “cyber war”
with Russia and has called for
a stronger offensive stance to
address state-sponsored hacking.
Representative Mike Pompeo
(R-KS) is a member of the House
Permanent Select Committee on
Intelligence and will be nominated
as the Director of the CIA.
„„ Encryption: As a member of the
Select Committee on Intelligence,
Rep. Pompeo supported increased
data collection for surveillance
purposes and backdoor access to
encrypted devices.
James Carafano is the vice president
for foreign and defense policy at
The Heritage Foundation and has
been assigned to oversee the foreign
policy transition.
„„ Encryption: In March 2016,
Carafano co-authored a paper
on the Apple encryption debate
that supported the creation of a
committee to study encryption
and recommended that the
committee examine the needs of
the country in terms of defense
and intelligence as well as
personal liberty.
„„ Regulations: In additional papers
over the past year, Carafano
has asked the U.S. government
to abandon “heavy-handed”
regulations in favor of public-
private information sharing on
cyber threats.
Peter Thiel is one of the few Silicon
Valley billionaires to publicly
support Trump and will be one
of the most influential voices on
4

5. behalf of the tech sector. Thiel is a
co-founder of PayPal and software
company Palantir as well as one
of Facebook’s first professional
investors.
„„ Encryption: Confinity Inc., a
company co-founded by Thiel as
an early version of PayPal, gave
users the tools to encrypt data
on their devices. Thiel has not
been publicly vocal about this
issue but is well-versed on the
private sector’s views regarding
encryption.
Influential Think Tanks
„„ On November 1, 2016, The
Heritage Foundation
published “Blueprint for a New
Administration: Priorities for
the President” suggesting that
the incoming president improve
government cybersecurity
practices and establish a National
Cyber Center to conduct cyber
analysis at a national level.
„„ On June 14, 2016, the American
Enterprise Institute published
“An American Strategy for
Cyberspace: Advancing Freedom,
Security, and Prosperity”
outlining the foundation’s views
on cybersecurity. In this report,
AEI called for global cooperation
to address cybercrime and
increased efforts to defend
critical U.S. infrastructure from
cyberattacks.
„„ The CATO Institute’s most
prominent voice on cybersecurity,
Senior Fellow Julian Sanchez, has
criticized Trump for his lack of
clarity on cybersecurity issues.
„„ Over the past year, the Hoover
Institution’s cybersecurity
division has focused on issues of
encryption and malicious hackers
but has also called for greater
regulation of foreign intelligence
surveillance.
„„ The Hudson Institute has
occasionally discussed the
need for cooperation between
Washington and the private
sector in the encryption debate.
George Little
Partner, The Brunswick Group
(202) 393-7337
glittle@brunswickgroup.com
Mark Seifert
Partner, The Brunswick Group
(202) 393-7337
mseifert@brunswickgroup.com
Siobhan Gorman
Director, The Brunswick Group
(202) 393-7337
sgorman@brunswickgroup.com
In Conclusion
As the Trump administration has provided a limited framework on cybersecurity issues, opportunities still
exist for companies to involve themselves in the formation of this agenda. Major cyber issues addressed by
the administration will include responses to state-sponsored hacking as well as encryption and protections
for critical infrastructure. Companies looking to influence the cyber policy debate should reach out to the
administration and influential parties early to participate in this rapidly changing conversation. We welcome
the opportunity to discuss this evolving political landscape, and we will provide updates as policies develop
under the new administration.
Sincerely,
5

6. Contact Brunswick
Washington, DC
1099 New York Avenue, NW
Suite 300
Washington, DC 20001
USA
Tel: +1 202 393 7337
Email: washingtonoffice@brunswickgroup.com
www.BrunswickGroup.com
Brunswick Group
Brunswick is an advisory firm specializing
in critical issues and corporate relations:
a global partnership with 23 offices in
14 countries. Founded in 1987, Brunswick
has grown organically, operating as a single
profit center – allowing us to respond
seamlessly to our clients’ needs, wherever
they are in the world.
6