As the US heads into a historic election, with a deadlocked electorate facing a choice between two radically different presidential candidates, several cybersecurity matters could be determined by who wins the contest on Nov. 5.
Democratic Vice President Kamala Harris and Republican candidate Donald Trump offer drastically different visions for the nation on many big questions, such as economic growth, healthcare, and national resilience. But some experts believe there is less divergence regarding cybersecurity than other issues. “There’s more bipartisan consensus on cybersecurity than you might think,” James Lewis, SVP and director of the technology and public policy program at the Center for Strategic and International Studies (CSIS), tells CSO.
“There are a lot of shared views on what needs to be done,” Lewis says. “In talking to both camps, I’ve learned there’s more commonality than you might think.”
Still, experts suggest the following five crucial cyber issues could be impacted by next week’s election results.
Dealing with cyber adversaries: Russia could emerge stronger
Nation-state cyber adversaries top the list of critical issues facing the next administration and Congress, specifically Russia, China, North Korea, and Iran.
The platform Harris debuted at the Democratic convention last summer barely mentions cybersecurity but references continuation of Biden’s efforts to address cyber threats. Most experts believe Vice President Harris will likely stay that course.
“Harris has what I would call the sane approach to cybersecurity,” Lewis says. “She will not be a straight-line continuation of the Biden administration, but I think we have a good idea of what her cybersecurity policies would look like.”
Trump is the wild card when it comes to the big four cyber adversaries, given his well-known fondness for the authoritarian leaders of Russia, China, and North Korea. Most experts agree that for all his admiration of China’s Xi Jinping, Trump, like Harris, would be forced to counter the country’s increasingly aggressive adversarial actions in cyberspace.
“I think both Republicans and Democrats seem fairly united as far as understanding that there are huge tensions with China,” David Brumley, CEO of Mayhem Security, tells CSO. “The interesting thing about China that sets it apart from Russia and North Korea is that it’s a technology hub the US depends on.”
Despite his prior exchanges with North Korea’s Kim Jong Un, “there’s really nothing Trump can operationalize with North Korea,” Lewis says. “What’s he going to do, say, ‘Go ahead; rob banks’?”
But Trump’s closeness with Russian president Vladimir Putin could shift US policy in a more helpful direction to the Kremlin. “I think the big question is what Trump would do on Russia,” Lewis says.
“What the candidates would do about Russia would be different,” Ari Schwartz, managing director of cybersecurity services at Venable, tells CSO. “There’s no question about that and what kind of pressure they would put on cyber actors, Russian cyber actors, and criminal cyber actors and how they would deal with the Russian state. Harris would continue the path we’re currently on and Trump’s a question mark regarding how he would deal with it.”
Rear Admiral (Ret.) Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for the Defense of Democracies, thinks that despite Trump’s admiration for Putin, he won’t cut Russia any slack for offensive cyber operations. “I think that if someone’s doing things inappropriately in our country, they’ll be held accountable,” Montgomery says. “If Russia does bad behavior, they’ll be held accountable.”
Foreign disinformation efforts: Letting Russia off the hook
Signs are emerging that a Trump administration might look more benignly on Russia’s disinformation and election interference campaigns than a Harris administration would. For example, Republican vice presidential candidate JD Vance is already signaling that he thinks Russia’s election-related disinformation efforts would not be a top concern for a Trump administration.
“It’s the disinformation for which [Russia is] insidious,” Montgomery says. “This low-level spreading of false information undermines people’s belief in credible democratic processes, whether it’s the press or elections or whatever. It is more likely to happen under Trump. He’s less likely to be aggressive about addressing it.”
“There’s going to be certain key issues where Republicans can point and say that we’re going to guard against disinformation, but they’re guarding against disinformation on their policy issues that they have a particular viewpoint on while letting it run rampant everywhere else,” Brumley says. “I’d hope that Democrats or someone would come in and put bigger guardrails on it.”
Enforcing cybersecurity regulatory requirements
Another potential cybersecurity differentiator is the degree to which the next administration will seek to enforce existing cybersecurity regulations or advance new ones.
A Supreme Court ruling this summer gutted the Chevron deference, which instructed courts to defer to independent regulatory agencies regarding their interpretation of Congressional statutes when issuing regulations and requirements. This decision jeopardizes all cybersecurity regulations if litigants seek to overturn them.
“The Court’s decision matters more for the Democrats who actually want to do something, and so they have to find a tool that doesn’t involve legislation,” Lewis says, because getting what likely will still be a divided Congress to pass new laws that offer sufficiently detailed authorities is a virtually impossible task. “Trump doesn’t particularly want to do anything, so he’s going to be less hurt by Chevron.”
“You have the push right now from the White House that they want regulatory agencies to be creative with their authorities,” Schwartz says. “Then you have the Supreme Court saying that things need to be spelled out by Congress very specifically for any regulation. I can’t imagine the Trump administration asking for large pieces of cyber legislation, regulatory cyber legislation, which the Harris administration may do.”
A CISA breakup under a Trump administration
Another cybersecurity issue at stake is the future of the Cybersecurity and Infrastructure Security Agency (CISA). Project 2025, the Heritage Foundation’s 1,000-page governing blueprint for a Trump presidency, contains many controversial cybersecurity recommendations, including the dismantling of the Department of Homeland Security and CISA, with any CISA remnants being shifted to the Department of Transportation.
Trump has vacillated between embracing Project 2025’s recommendations and distancing himself from them, but he can’t escape that the report’s primary authors are former Trump administration officials whom he likely might rehire. “I was told by a Trump person yesterday, ‘Don’t pay any attention to those [Project 2025] people,’” Lewis said. “I don’t know how much credit to give Project 2025, but they are looking at CISA. Nobody’s happy with CISA’s performance.”
“That’s a big one,” Montgomery says. “What’s the role of CISA, and how will it be properly resourced. I certainly think that if the Republicans take over, CISA will have no role in disinformation. Whereas otherwise, it has a role.”
“There’s a lot of distrust from Trump’s camp, and from the Republicans generally, with the FBI and CISA,” Schwartz says. “He likes the FBI even less than he likes CISA, and it’s really clear that CISA would get totally broken up.”
The breakup of CISA, however, would take some time to achieve. “Under Project 2025, you need Congress to cooperate if you’re going to take it apart versus just weaken it or take steps to make sure that they’re not given any authority or any money,” Schwartz says.
Creating a US Cyber Force as an independent armed service
The final cybersecurity issue that could be determined from next week’s election is creating a US Cyber Force as an independent armed service alongside the Army, Navy, Air Force, Marine Corps, and Space Force.
“There have been a lot of people banging a pot saying, just like we have the Air Force and now we have the Space Force, we should create a Cyber Force,” Brumley says. “I would expect that if Trump is elected, that would move forward quickly. I would guess it wouldn’t happen under Democrats. I think it’s still possible, but I think it’s more like a 25% probability.”
“The elections may have something to do with whether or not we have a Cyber Force. I’ve been arguing for that, and we did a paper on that, and we believe in it,” Montgomery says. “Depending on who’s elected and who in the House and Senate have leadership roles, the president will determine whether or not we move to a Cyber Force model for force generation in the military.”