A top Biden administration cybersecurity official laid out her wish list today for how the incoming Trump-Vance administration should prioritize cybersecurity challenges and regulations.
During the Conference on Cyber Regulation and Harmonization – co-hosted by Columbia University and New York State on Nov. 13 – Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger highlighted her top three pressing cyber challenges and urged the next administration to take action on them in its first 100 days in office.
Neuberger placed the Trump administration’s key cyber challenges into three bins: China, ransomware, and AI.
“When we look at countries, and I’ll use China as the example, well resourced, sophisticated offensive cyber program that’s focused not just on espionage, collection – that’s been a problem for 15 years,” she explained. “What’s really changed with China [that] we’ve seen is prepositioning in pipelines, in water systems, in power systems, which don’t have intelligence value. And our concern is that that prepositioning is to disrupt to make it difficult to operate those systems in a time of crisis or conflict.”
“And when we think about the U.S. and China, there’s a difference in our national defense models,” Neuberger said. “As a result, when we think of the continuum from defense to offense, we’re more constrained in use of our offensive cyber tools, and our assessment of blowback is always going to be more careful about the risks.”
She emphasized that the most disruptive set of adversaries today in cyberspace are criminal groups, “notably ransomware groups based out of Russia.” According to Neuberger, $1.3 billion in ransoms was paid from the U.S. alone in 2023 and 51 percent of ransomware attacks occur against the U.S.
She highlighted AI as the final threat. “I view it as a threat and an opportunity,” she said. “It accelerates offense and defense, but I think it offers a unique opportunity to get at the hardest parts of defense, to be more of a disrupter on defense in a positive way.”
These are what the Biden administration sees as the most evolving threats going into the future, Neuberger said, and as they get ready to “pass the baton” she emphasized that they have “learned a lot about what’s worked, what hasn’t worked” and plan to pass that information on to the Trump administration because “we’re lucky these are really bipartisan issues.”
Neuberger urged the incoming administration to take action in these three critical areas within the first 100 days in office – including finishing the Biden administration’s work of implementing minimum cybersecurity requirements for critical infrastructure.
“We must have minimum regulations across critical infrastructure, because if our pipelines and our ports leave their digital doors and windows open, then it’s too easy. We need to make it riskier, costlier, and harder for the Chinese,” Neuberger said. “So the first piece is put in place a comprehensive minimum cybersecurity requirements framework for critical infrastructure companies.”
“Put in place grants for things – like New York State has done – where there are shared services – when New York City offers a security operation center across the state, so the smaller parts of the state have a way to detect threats that occur,” she said.
Neuberger concluded, “And then build on our international partnerships that the administration has built, whether the Counter Ransomware Initiative, the Quad – Japan and Korea partnership – to deepen intelligence sharing, and frankly, to deepen interactions with countries like China to pressure Russia not to allow safe haven so countries are aligned in that approach.”
