As the United States pushes closer to electing its next president, the nation faces many challenges that need to be addressed.  Whether it be hot button issues like illegal immigration, domestic economic concerns, or U.S. involvement in international conflicts, the next president will have a lot to do to implement their respective policies.  However, one issue that has gone under the radar for much of this tumultuous campaign is cybersecurity, and what types of policies either candidate has to further U.S. efforts in an area that touches all of the hot button issues already mentioned.  For a subject that politicians like to champion as critical to the country’s success and national security interests, talk of the United States being the global leader in all things cyber has been noticeably muted.  Even a review of both candidates respective “Issues” pages on their campaign websites reveal that cybersecurity is not a top issue, intimating that the next four years cyber could remain an afterthought rather than a top-of-mind priority, regardless of which candidate wins office.

One of the reasons explaining this is when it comes to presidential politics, there are myriads of problems that need to be solved, and new agendas that need to be implemented.  That is fair, but given economic reliance on cyberspace, the weaponization of cyberspace by state and nonstate actors alike, and a perpetual race to develop and apply advanced technologies, that cyber would be a cornerstone platform issue.  When in office, presidents have created cyber strategies with implementation plans, but the jury is out on whether how effective these have been in strengthening the country’s cybersecurity.  Current president Biden has likely achieved the most in this capacity successfully resolving 80% of recommendations posed by the Cyberspace Solarium Commission (CSC), though it remains to be seen how completing these items will correlate to an improved cybersecurity posture such as in the reduction of threats faced, attacks experienced, or shortened times to remediate compromises.

But here’s another election in which neither candidate has fully articulated a blueprint for the United States with respect to enhanced domestic cybersecurity, a national data privacy law, a vision for international standards setting, a strategy for international engagement to counter hostile cybercriminal gangs, among others.  One contributing factor may be an incomplete understanding of cyber other than being a user of this technology, therefore relying on others to inform them of what needs to be done from security and policy perspectives.  For example, during his tenure, Trump was criticized for his cyber missteps, notably the firing of the Cybersecurity and Infrastructure Security Agency head, among other cyber-related decisions.  Even before elected in a debate, his reference to “the cyber” did not project him to be an individual well attuned to the complexities and intricacies of cyberspace and the full extent of its role in modern day society.

That said, Trump did execute a cyber strategy and issued cyber-related Executive Orders, as Biden has done since succeeding him.  But Trump’s most notable influence on how the United States addresses cyberspace was his support of the military’s “defense forward” cyber strategy that has since empowered U.S. Cyber Command to proactively root out potential threats.  For a long time, how the United States would engage adversaries was not well known and seemed more of a testament of indecisiveness rather than strategic ambiguity.  That changed under Trump and was a stark contrast to the previous Democrat administration’s preference for “restraint” when it came to committing U.S. resources in such a capacity.  What’s more, this strategy was embraced and expanded under Biden’s tenure.  Since its enactment, active defense has been a popular course of action largely supported across the political aisle.

Kamala Harris is in a similar situation, though she has had the benefit of being in an administration that has rolled out several cyber-related EOs and its own cybersecurity strategy.  In addition, she has been associated with some technology initiatives such as the CHIPS and Science Act and the safe and responsible use of artificial intelligence, arguably the most game-changing technology going into 2025.  Press has lauded Harris for making cybersecurity a top priority though she has made no significant policy promises since running for president.  However, she has also her share of verbal gaffs when trying to discuss cyber issues, and was slammed for her remarks trying to explain artificial intelligence, which revealed her lack of knowledge on the subject, prompting one critic to comment that she sounded “like she had a report due on AI, but absolutely didn’t read the book.”

So, when it comes to cyber issues, what can we expect from either candidate should they win the Executive Office?  Both candidates acknowledge the importance of cybersecurity, but it does not seem to be a passion project for either, and any significant cyber policy enacted will likely be driven from the public and private sector experts with whom they surround themselves.

If Trump wins a second term in office, his cyber policies will likely reflect his America First platform, looking to shore up the United States’ cybersecurity posture in key areas: advancing the United States role as a global cyber leader in matters of standards-setting and Internet governance; increasing critical infrastructure protection, enhanced cyber threat detection and mitigation, and continued use of hunt-forward operations to neutralize adversary activity in cyberspace.  Domestically, Trump will likely seek to deregulate cybersecurity when it comes to the private sector, which has been extensively regulated under Biden’s Administration.  This will be key to empowering the private sector to take the initiative to set cybersecurity standards for their own industries and removing or at least drastically reducing the government from the process.  He likely will look to the states for any significant legislation such as enacting data privacy laws, rather than push Congress to pass a national level one.

There is a lot of hope that Harris’ experience in advocacy and action will translate into the cybersecurity space.  If Harris assumes office, there is every reason to expect she will likely continue and perhaps build on what Biden has started.  As such, she will probably follow the recommendations set forth by the CSC and continue implementing the suggestions made in the first report, as well as an additional  ten new recommendations.  Based on her work as Vice President, she will likely continue to push for more government involvement in cyber matters, as well, perhaps in oversight, regulation, and holding companies accountable for flaws in their products/technologies.  

These are just high-level forecast predictions, and there’s more to what the next president will have to contend with.  The one bright spot is that cybersecurity at its core is a nonpartisan issue, and that main concerns like critical infrastructure protection, cybercrime, cyber espionage, and the development and implementation of advanced technologies are common goals, regardless of party.  What will differ is how the candidates pursue them, and that may make the difference when it comes to making a mark in advancing the country’s security goals.