Having served our country in the cyberranks of the first Trump Administration, we know how important it is for the second Trump Administration to hit the ground running in its cyber defense mission. As recent events have reinforced, our cyber adversaries – China, Russia, Iran, North Korea and beyond – aren’t sitting on their hands.
We are confident that the incoming national security and cybersecurity team is ready to forcefully counter adversarial cyber activity from foreign nation-states; fight the proliferation of ransomware attacks on critical infrastructure and other U.S. businesses; protect American intellectual property; and embrace AI innovation as a critical enabler of cyber resilience. These are all goals the entire nation can rally around.
Palo Alto Networks is proud to be an integrated national security partner with the Federal Government and stands ready to help. To that end, we have developed 10 recommendations for the incoming team to consider as they take the reins:
- Focus on cybersecurity outcomes.
- Are cybersecurity investments actually making networks safer? We’ve found that two of the most telling indicators of cyber resilience are Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). The President should be able to walk into the White House Situation Room and see real-time MTTD and MTTR metrics for federal agencies.
- Forcefully respond to Salt Typhoon by promoting a Zero Trust approach to telecommunications security.
- This is an evolved security approach with a layered, continuous reverification posture that does not implicitly grant access. It requires end-to-end visibility and an enhanced focus on mobile core and management plane security.
- Embrace the multicloud reality, but don’t forget about security.
- Cloud is becoming the dominant attack surface – in a Unit 42 report, over 80 percent of vulnerabilities observed by our team were cloud-based. The increasing trend of multicloud adoption further challenges the legacy-shared responsibility model for security. In response, we must aggressively promote cross-cutting cloud security tools that provide both visibility and operational control.
- Leverage AI to avoid an inefficient game of cyber defense whack-a-mole.
- Cyber professionals are drowning in alerts that they must manually triage. They need AI-powered tools to flip this paradigm and stay ahead of adversaries, like China. There is a particular opportunity to leverage AI to modernize security operations centers (SOCs), and Palo Alto Networks applauds the recently signed EO on Removing Barriers to American Leadership in Artificial Intelligence as an important validation of AI’s enormous national security potential.
- Further drive confidence in the extraordinary power of AI by promoting Secure AI by Design.
- To fully harness the incredible power of AI, enterprises (including federal agencies) need to enforce access controls, harden deployment environment configurations, and ensure data integrity across AI supply chains.
- Promote Defense Industrial Base (DIB) resilience.
- The DIB is a natural extension of our national security apparatus but is under constant attack by adversaries. In response, we should further expand the scope and scale of the cybersecurity services offered by the NSA Cybersecurity Collaboration Center.
- Modernize the federal procurement process.
- Current procurement cycles don’t operate at the speed of technological innovation, giving adversaries the upper hand. For example, there is far too much reliance on legacy VPN tools (increasingly targeted by adversaries) instead of modern Zero Trust solutions.
- Make meaningful progress on regulatory harmonization for cybersecurity.
- The Federal Government can lead by example by consolidating and streamlining federal government software compliance certifications. For example, there should be logical reciprocity between FedRAMP High and DoD IL-5 certifications.
- Operationalize the Federal Acquisition Security Council (FASC).
- Established during the first Trump Administration, this can be a critical tool to ensure the technology in our federal enterprise is trustworthy with appropriate supply chain integrity.
- Leverage cyber shared services to increase efficiency and reduce waste.
- Shared services offerings for federal agencies can provision cybersecurity capabilities at scale – improving federal cybersecurity outcomes while being prudent stewards of taxpayer dollars.
Protecting our digital way of life is a bipartisan mission that requires all of us working together. As the Trump Administration enters office at this pivotal moment for America’s cyber resilience, we look forward to doing our part to help the cause.
Daniel Kroese is Palo Alto Networks Vice President of Public Policy & Government Affairs. He previously served as a senior official in the Cybersecurity and Infrastructure Security Agency (CISA), as the Staff Director on the House Homeland Security Committee, and as Chief of Staff to then Rep. John Ratcliffe (R-TX).
Sam Kaplan is Palo Alto Networks Assistant General Counsel for Public Policy. Prior to joining the company, Sam served in several senior executive roles at the Department of Homeland Security, including the Assistant Secretary of Cyber, Infrastructure, Risk and Resilience Policy, Deputy Chief of Staff, and the Department’s Chief Privacy Officer.