The U.S. government has made significant progress over the past four years in the ongoing fight against what President Joe Biden has described as the “scourge of ransomware.”
At the beginning of his term, Biden and his administration quickly declared ransomware a national security threat and gave new powers to the military and intelligence agencies. Since then, the United States has successfully disrupted ransomware infrastructure, recovered millions of dollars in ransom money, and brought prosecutions and sanctions against some of the most notorious ransomware operators.
Despite the recent onslaught of government crackdowns, the number of cyberattacks targeting U.S. organizations continues to rise, with 2024 poised to be another record year for ransomware. This means that when President-elect Donald Trump takes office again in January, he too will inherit a significant ransomware problem.
It's difficult to predict what cybersecurity policy will look like over the next four years, but the entire industry is bracing for change.
“It's hard to say what future policies and regulations will be because change involves so many layers and stakeholders,” Marcin Kleczynski, CEO of anti-malware giant Malwarebytes, told TechCrunch. “But we know that cyberattacks will not stop no matter who is in power,” Kleczynski said, citing ransomware as a top concern.
Mixed early period
From a cybersecurity perspective, President Trump's first term was a mixed bag. One of President Trump's first (albeit delayed) executive orders after taking office in 2017 required federal agencies to immediately assess cybersecurity risks. Then, in 2018, the Trump administration announced the U.S. government's first national cybersecurity strategy in more than a decade, leading to a more aggressive “name and shame” attribution policy and a relaxation of rules to allow intelligence agencies to “hack” adversaries with aggressive cyberattacks.
In late 2018, Congress passed legislation creating CISA, a new federal cybersecurity agency tasked with protecting America's critical infrastructure. The Trump administration chose Chris Krebs to be the agency's first director, but two years later the then-president fired Krebs in a tweet for saying the 2020 election, which Trump lost, was “the most secure in American history,” contradicting President Trump's false claim that the election was “rigged.”
Cybersecurity has not featured heavily in President Trump's messages since then, but the Republican National Committee, which supported President Trump, said during the 2024 election period that the next Republican administration will “raise the bar” to “secure our nation's critical systems and networks.”
A wave of deregulation is expected
There are concerns that President Trump's push to cut the federal budget as part of his pledge to cut government spending could reduce the resources available to government agencies for cybersecurity, making federal networks even more vulnerable to cyberattacks.
This comes at a time when U.S. networks are already under attack from adversaries. Federal agencies have warned this year of a “pervasive and relentless threat” from Chinese-backed hackers, who recently successfully infiltrated multiple U.S. telecommunications providers and accessed real-time call and text message logs.
Project 2025, a detailed blueprint written by the Heritage Foundation, an influential conservative think tank, which reportedly serves as a “wish list” of proposals to be taken up during Trump's second term, also wants the president to push for legislation to dismantle the entire Department of Homeland Security and move CISA to operate under the Department of Transportation.
Lisa Sotto, a partner at US law firm Hunton Andrews Kurth, told TechCrunch that deregulation will be a top theme of the Trump administration.
“This could impact CISA's role in shaping cybersecurity regulations for critical infrastructure and could potentially lead to an emphasis on self-regulation,” Sotto said.
Referring to new guidelines CISA proposed in March that would require critical infrastructure companies to disclose breaches within three days starting next year, Sotto said there is a possibility that these so-called CIRCIA rules will be “significantly revised to reduce the requirements regarding cyber incident reporting and related obligations.”
This could mean fewer data breach notifications are required for ransomware incidents, ultimately reducing the visibility of ransom payments, which security researchers have long cited as an issue.
Allan Liska, a ransomware expert and threat analyst at cybersecurity firm Recorded Future, told TechCrunch in October that much of the hard work the U.S. has done over the past four years, including the establishment of an international coalition of governments pledging not to pay hackers' ransoms, could be an early casualty of large-scale government deregulation.
“The global ransomware task force that President Biden created opened up the exchange of information and accelerated many law enforcement efforts,” Liska said. “There's a good chance it won't be there, or at least the U.S. won't be part of it,” he said, also warning of the risk of more ransomware attacks due to less information sharing.
Are you looking at further destruction?
With a reduced focus on regulation, President Trump's second term could pick up where he left off with offensive cyberattacks and take a more aggressive approach to tackling the ransomware problem.
Casey Ellis, founder of crowdsourced security platform Bugcrowd, said he expects the United States' cyber attack capabilities to strengthen, including increased use of hackbacks.
“Mr. Trump has a history of supporting efforts that pursue outcomes that deter adversaries to America's sovereign security,” Ellis told TechCrunch.
“We expect this to include the use of offensive cyber capabilities, as well as increased 'hacking' activity as seen in the FBI-DOJ partnership over the past several years,” Ellis said, referring to government efforts to disrupt botnets, DDoS booter sites, and malware activity in recent years. “Ransomware types, early access brokers, cybercrime infrastructure, and quasi-governmental activities that have previously been targeted by the U.S. government will continue to be a focus.”