Trump is also unlikely to continue the Biden administration’s campaign to curb the spread of commercial spyware technologies that authoritarian governments have used to harass journalists, civil rights protesters and opposition politicians. Trump and his allies maintain close political and financial ties to two of the most prolific users of commercial spyware tools, Saudi Arabia and the United Arab Emirates, and he has shown little concern about human rights abuses by those governments during his first term.
“There’s a good chance we’re going to see major returns to spyware policy,” said Stephen Feldstein, a senior fellow in the Program on Democracy, Conflict and Governance at the Carnegie Endowment for International Peace. Trump officials are likely to be more interested in spyware makers’ counterterrorism arguments than digital rights advocates’ criticism of these tools.
Spyware companies “will no doubt get a more sympathetic audience under Trump,” Feldstein says — especially market leader NSO Group, which is closely tied to the Trump-supporting Israeli government.
Doubtful prospects
Other Biden cyber initiatives are also at risk, even if their fate is less clear.
Biden’s national cybersecurity strategy underscores the need for greater corporate responsibility, arguing that well-resourced tech firms must do more to prevent hackers from misusing their products in devastating cyberattacks. Over the past few years, CISA has launched a messaging campaign to encourage companies to make their products “secure by design,” the Department of Justice has created a Civil Cyber Fraud Initiative to prosecute contractors who mislead the government about their security practices, and White House officials began mulling proposals to hold software vendors accountable for harmful vulnerabilities.
This push for corporate accountability is unlikely to receive strong support from the incoming Trump administration, which will almost certainly be filled with former business leaders hostile to government pressure.
Henry Young, senior director of policy at software trade group BSA, predicted that the security by design campaign would “evolve to more realistically balance the responsibilities of governments, businesses and customers and hopefully avoid finger-pointing in favor of of joint efforts to continue to improve security and resilience.”
The Democratic administration may have used the security push on the project as a springboard to new corporate regulations. Under Trump, security by design will remain at most a rhetorical slogan. “Turning it into something more tangible will be the challenge,” says the US cyber official.
Cut off the edges
A landmark cyber program cannot be easily dismantled under a second Trump administration, but it could still be dramatically transformed.
In 2022 Congress passed legislation requiring CISA to create cyber incident reporting rules for operators of critical infrastructure. CISA published the text of the proposed regulations in April, prompting an immediate backlash from industry groups who said it went too far. Corporate America warned that CISA is asking too many companies for too much information about too many incidents.
