The basis, orientation and constraints of the Biden administration’s cybersecurity policy
As a highly professional and widely influential topic, cyber security is an important issue faced by Biden after taking office, and has become the focus of domestic and even global attention. Overall, the priority of cybersecurity under the Biden administration will be elevated. Its cybersecurity policy will be based in part on the Trump administration’s cybersecurity “legacy,” moderately returning to the Obama administration’s “network governance strategy,” and compromising the establishment and conservatism to form Biden’s “network governance style.”
1. Realistic basis: Inheriting and digesting the Trump administration’s cybersecurity “legacy”
In the United States, cybersecurity is a non-partisan issue with strong continuity between different governments. Even in the Trump administration, which has “changed the world”, cybersecurity measures are mostly based on the policies of the Obama administration. Looking back at Trump’s cybersecurity “legacy”, there are both pros and cons. This is not only the foundation of the Biden administration’s cybersecurity policy, but also the realistic basis for his governance of cyberspace.
(1) General characteristics of the “bottom-up” promotion of the department
In 2019, Robert Mueller released the “Investigative Report on Russia’s Interference in the 2016 Presidential Election”, which “concluded” the doubts about the 2016 U.S. election. In order to maintain the legitimacy and legitimacy of his election, Trump has been deliberately downplaying the threat of cybersecurity and refusing to admit that Russia is suspected of meddling in the U.S. election, arousing criticism in the U.S. for his neglect of cybersecurity. Different from the radiating institutional framework of “President-Cybersecurity Coordinator-Departments” during the Bush and Obama administrations, the cybersecurity policy of Trump’s term has the characteristics of “dilution from the top” and “departmental push”, including Paul Nakasone Cyber Command under the leadership of Chris Krebs, the Cybersecurity and Infrastructure Security Agency (CISA), and the NSA Cyber Affairs Division under Annie Newberg, conducted a series of bottom-up reform, and substantial progress has been made in US cybersecurity. Jacqueline Schneider, a cybersecurity researcher at the Hoover Institution, calls the phenomenon a “headless strategy,” and says initiatives taken by agencies are already paying off. On the other hand, the objectively formed interdepartmental linkages during the Trump era have, to a certain extent, formed a “cybersecurity interest group” with common demands, which has the influence of “guidance” and even “pressure” on the Biden administration.
(2) Cyber offensive operations are becoming more and more normalized
Different from Obama’s “prudence” and “restraint”, Trump “dramatically” reforms the bureaucratic procedures regarding cyber warfare and publicly promotes actual combat. In 2017, Trump announced the upgrade of Cyber Command to the tenth Joint Combatant Command, on a par with major combatant commands such as U.S. Central Command, responsible for conducting offensive cyber operations. In 2018, Trump promulgated National Security Presidential Memorandum 13 (NSPM13) to “untie” the bureaucratic process set by the Obama administration for waging cyber warfare. In the same year, the U.S. Department of Defense Cyber Strategy and the Cyber Command Vision Document launched the concepts of “persistent engagement”, “defense forward”, and “hunt forward”. Authorized the Cyber Command, the CIA and other operational departments to carry out cyber attacks below the threshold of armed conflict, and even sneaked into the key infrastructure of adversary countries to ambush and “sort out”, and have made public cyber operations against Russia, Iran, and the “Islamic State” organization. Although Biden said he would review cyber operations, he publicly acknowledged the achievements of “continuous engagement.” The Biden administration is not expected to converge on its expanded cyber operations strategy, driven by a strong push from Cyber Command.
(3) Cross-domain cyber deterrence continues to mature
Currently, functional departments such as the U.S. Department of Homeland Security, the Department of Defense, the Department of Justice, and the Treasury Department play a prominent role in cooperating with the implementation of the cross-domain cyber deterrence strategy. In particular, the “public attribution” of the Department of Justice and the economic sanctions of the Treasury Department have become important supports for the United States’ cross-domain deterrence. To some extent, this “whole-of-government” and “nation-wide” approach to deterrence is precisely the cybersecurity “legacy” left by the Obama administration, mobilizing the role of federal agencies to “impose costs” on cyber attackers, while At that time, Biden was an important promoter of “cyber deterrence”. All along, Biden has shown a “zero tolerance” posture for national-level cyberattacks, including publicly stating during the campaign that he would use “all tools of state power to make national criminals who interfere in US elections pay the price” and said “punishment.” Measures include financial sanctions, asset freezes or, increasingly, retaliatory cyberattacks.” It is expected that after the Biden administration takes office, it will use cross-domain deterrence with increasing frequency, as well as stricter economic sanctions.
(4) The importance of the Cyber Security and Infrastructure Security Bureau is emerging
CISA, established in 2018 to maintain election security, has made important progress in securing critical infrastructure, coordinating various departments, promoting public-private cooperation, and providing early warning. Especially in the 2018 midterm elections and the 2020 general election, CISA has gained bipartisan recognition for improving federal and local election security. In addition to securing elections, CISA’s work has covered 8 of the 16 U.S. critical infrastructure sectors, including providing threat information and basic cybersecurity services such as penetration testing, industrial control assessments, and incident response training, making it critical for U.S. infrastructure The primary function of protection. There are also growing voices about developing CISA into an independent regulator based on the importance of its work. This also caused Trump’s firing of CISA Director Chris Krebs for political reasons after the announcement of the election results, causing “public outrage”.
(5) Establishing institutional barriers to the “cold war” of technology against China
During the Trump administration, the U.S. policy toward China changed completely, and the “cold war” of technology toward China was the focus of this change. The Trump administration has established a set of institutional barriers to prevent China’s technological development. In 2018, the United States passed the Foreign Investment Risk Review Modernization Act (FIRRMA) and the Export Control Reform Act (ECRA), which completed the reforms of the Committee on Foreign Investment and Export Control respectively. high barriers. According to statistics, in the first three years of Trump’s tenure, the Committee on Foreign Investment in the United States (CFIUS) reviewed a total of 140 transactions involving Chinese acquirers, and more than 1,000 Chinese entities were included in the “entity list” of the United States, which severely hit the market. Sino-US economic and trade development. The second is to implement the “de-Sinization” of the ICT supply chain in all directions. Trump has invoked a number of “long-dead” policy tools, such as the International Emergency Economic Powers Act (IEEPA), which gives the president the power to regulate business, and through this act the Security Administration of ICT and Service Supply Chains. Order” to implement a “clean network” plan in China that excludes Chinese information technology and products. The third is the global layout technology development alliance. Although the Trump administration despised its allies, it chose to work with its allies to put pressure on China’s high-tech development. For example, 32 countries including Germany, Japan, and Australia held the Prague Summit to formulate safety standards for 5G development; A “defense partnership” with intelligence as the core to build an “military alliance” of artificial intelligence. The above measures have laid the foundation for the Biden administration to compete with China and will not change in the short term.
2. Policy Orientation: A Moderate Return to the “Network Governance Strategy” of the Obama era
All walks of life in the United States are very dissatisfied with the “contempt” of cybersecurity during Trump’s term, and the “SolarWinds” cyberattack at the end of 2020 pushed this sentiment to a climax. All walks of life in the United States collectively reflect on cybersecurity issues and demand that the Biden administration make changes. Biden made a timely statement after the SolarWinds incident, saying “elevating cybersecurity as a government-wide priority.” Whether it is due to the pressure of reforming insufficient cybersecurity policies during the Trump era, or following the professional inertia and experience path of politics, the Biden administration will moderately return to the “network governance strategy” of the Obama era, highlighting personnel arrangements and institutional facilities. Consideration of network security.
(1) Reset the post of cybersecurity coordinator to coordinate cybersecurity affairs
Trump’s 2018 removal of the White House cybersecurity coordinator has been criticized by both parties in Congress and by cyber experts, in what has been called a major setback in cybersecurity policy. Voices calling for increased cybersecurity in presidential affairs and the re-establishment of coordinator positions have persisted throughout Trump’s term. Although Biden has not directly stated whether to resume the post, he proposed the establishment of a director of cybersecurity in the National Defense Authorization Act for Fiscal Year 2021. This may become Biden’s first move on cybersecurity matters after taking office. The post of Director will coordinate the response to domestic and international cybersecurity matters, reporting directly to the President and providing advice on how to respond. This will significantly elevate the priority and importance of cybersecurity matters in U.S. federal affairs.
(2) Repair the relationship with allies and strengthen the building of partnership in cyberspace
The “America First” policy implemented by Trump’s term has evolved into “maverick” or even “blame-shifting”, which has severely damaged the alliance system established by the United States after World War II. As a former vice president and chairman of the Senate Foreign Relations Committee, Biden has extensive diplomatic experience and repeatedly raised the slogan of repairing alliances during the campaign. In the article “Why America Must Lead Again—Saving U.S. Foreign Policy After Trump,” published in the March/April 2020 issue of Foreign Affairs, Biden made allies a priority in his diplomacy The most important thing, online diplomacy is its important starting point. Against this backdrop, Biden will step up consultations with EU and NATO countries on their positions on cyber issues, but demand concerted action from allies in a more egalitarian and mutually beneficial way.
(3) Promote multilateralism and regain leadership in rule-making and governance
Biden, known as the “protocol maker”, publicly stated during the campaign that he “will promote international agreements on the responsible use of new digital tools” and will “establish comprehensive cyber norms, protect civilian infrastructure, and promote the United States to become the Leaders who encourage other nations to adopt the principles of responsible state behavior in cyberspace.” The United States under Biden’s leadership will gradually “return to the group” of multilateral international network mechanisms, make good use of the World Trade Organization and the OECD to resolve disputes, and use multilateral means and rules to exert pressure.
(4) Strengthen the cooperation between the government and private enterprises, and reshape the American public-private alliance
The Democrats’ 2020 policy platform emphasizes “partnering with the private sector to protect personal data and critical infrastructure.” Biden will take advantage of the Democratic Party’s natural closeness to technology companies to reverse the shunning and alienation of private companies from the government during the Trump era, win over technology giants, and strengthen public-private cooperation in cybersecurity, including strengthening the protection of critical infrastructure, strengthening threat intelligence sharing, and investing High-tech, checks and balances rival countries, and reshapes the US public-private alliance.
3. Policy Prospects: Or take a “compromise” between the establishment and conservatism
As a member of the traditional Democratic Party establishment, Biden follows elite governance and traditional values. However, facing the constraints of domestic conservatism, the realistic choice of his cybersecurity policy will show a tendency of “compromising” between the establishment and conservatism.
(1) Taking cybersecurity as an important starting point for bridging domestic differences
As a rare hyper-partisan issue with a high degree of consensus, cyber security has become the starting point for the Biden administration to explore cooperation with Congress. The “layered cyber deterrence” strategy report released by the Cyberspace Sunbathing Committee in March 2020, as a governance plan proposed by Democrats and Republicans on cybersecurity issues, more than half of the legislative proposals are included in the 2021 National Defense Authorization Act. Biden intends to take advantage of the high domestic consensus on cybersecurity issues and adopt some of the Sunbathing Committee’s plans as a “breakthrough” approach to governance.
(2) Selecting experienced cabinet members to “govern the network by elites”
During Trump’s term of office, officials were mainly appointed on the basis of “loyalty”, so that the heads of some important cybersecurity positions were not professionals, and second- or third-level officials were assigned to lead cybersecurity affairs, and the heads of key positions were constantly changed. Seriously affect the continuity and effectiveness of network policy implementation. The Biden administration has introduced a number of network professionals during the Obama administration and many liberal think tanks in the first announced cabinet members. “Elite governance of the network” will make the US network security policy more stable and predictable. . It is expected that at the beginning of his presidency, Biden will follow Obama’s example to conduct a comprehensive assessment of the cybersecurity situation facing the United States and abroad as the basis for his policies.
(3) Rediscover the values and ideological cultivation of cyberspace
A series of anti-traditional and anti-establishment policy concepts implemented by Trump during his tenure have caused the United States to “lost morality” in the international arena. At the same time, the entire Western countries are also facing a revival of populism and anti-intellectualism, and the Western international order formed after World War II is facing a crisis. The theme of the Munich Security Conference in early 2020, “The West is missing”, is a reflection of this value dilemma. During the campaign, Biden stated that he would reshape the moral leadership of the United States by setting an example of Western values at home, and promised to organize a “democratic summit” in the first year of his election to maintain “common values”, emphasizing that “the United States” Principles of the Open Internet”. With the Biden administration coming to power, the cultivation of values and ideologies centered on Internet openness, freedom, and human rights will become an important content of Internet governance.
(4) Re-listing Russia as the primary threat to cyberspace
In the service of real great power competition, the Trump administration has identified China as a major threat in cyberspace. However, the U.S. establishment has always regarded Russia as the biggest geopolitical opponent, especially for Biden, who experienced the “Cold War” personally. America’s greatest threat. On online issues, Biden insisted that Russia has been trying to interfere in the U.S. election and erode the foundation of American democracy. Especially after the SolarWinds incident, Biden said he would severely punish Russia’s cyber attacks. As Biden conducts cybersecurity work, the “war of words” and “actual combat” of cyber attacks between Russia and the United States will become more frequent.
(5) Attach importance to technology investment to maintain the leading position of US technology
Compared with Trump’s extreme pressure on rival countries, the establishment attaches more importance to developing scientific research and innovation capabilities, attaching importance to basic investment in the field of technology, and maintaining the long-term global scientific and technological leadership of the United States. In this regard, Biden said during the campaign that he would increase federal R&D investment, increase the amount of innovation funds, and support key technological innovations such as 5G and artificial intelligence; at the same time, attach importance to scientific and technological talents and education, and revoke immigration restrictions, including restrictions on science and technology. , engineering and mathematics (STEM) visa restrictions, increased investment in basic education, etc.
4. Constraints: Challenges to Biden’s Cybersecurity Policy
Biden took over a “devastated” United States, facing divided domestic public opinion, questionable international allies, and “fighting on their own” functional departments. All these pose challenges to Biden’s cybersecurity policy implementation.
(1) The political environment in which domestic political parties are opposed and public opinion is divided
Although the Democratic Party won both the Senate and the House of Representatives, clearing certain obstacles for the Biden administration, the Biden administration still faces serious bipartisan divisions and splits of public opinion. Even cybersecurity issues with a high degree of consensus will be affected by political factors. influences. There are still major differences on issues such as the setting of major competitors, governance of tech giants, election security, and net neutrality bills.
(2) There are gaps between domestic departments and public-private cooperation
At the departmental cooperation level, although a series of strategies were promulgated during the Trump administration, the specific implementation of the strategies still lacks overall guidance and unified coordination. In terms of public-private cooperation, although Silicon Valley companies actively donate to Biden, Democrats have historically been much stricter than Republicans in taxation and antitrust. Biden also expressed concerns about technology giants during the campaign, and advocated the revocation of Section 230 of the Communications Decency Act (Section 230) to limit the exemption protection for Internet companies, which will directly affect the Biden government and businesses. cooperative validity.
(3) Lack of allies’ trust in the United States
The Trump administration’s unilateralism and bullying have triggered a “crisis of confidence” among allies in US leadership and influence. In cybersecurity cooperation, the most prominent manifestation is the invalidation of the “Privacy Shield Agreement” for cross-border data between the United States and Europe. The incident reflects a growing trust deficit between the United States and its allies. It will be difficult for the Biden administration to regain the support of its allies and jointly lead the rules of the international network.
In general, the Biden administration regards cybersecurity as a national priority, and in addition to continuing the Trump administration’s tough cybersecurity policy, it returns to the Obama administration’s “alliance” and “regulation” methods, but it still faces partisan struggles in practice. , departmental constraints and distrust of allies. Based on the current situation, the tough line on technology adopted by the United States against China will not be substantially changed due to Biden taking office, but there will be adjustments in tactics and focus. In this regard, our country should be highly vigilant.
The Links: G121XN01V0 EPCS128SI16N