SAN FRANCISCO — As much of the world’s top cybersecurity professionals gathered for the annual RSA conference in San Francisco this week, one group was noticeably absent: top White House officials, who have in the past headlined sessions aimed at closing the gap between the administration and Silicon Valley on cybersecurity policy, were nowhere to be found.
The absence of senior administration officials at this year’s conference was particularly noticeable, given the White House’s unclear stance on several key cybersecurity issues, ranging from encryption technology to the way in which foreign states should be punished (or cited) for hacking into the US.
“The government’s retreat from RSA is disappointing. Securing America’s cyber infrastructure was the one campaign promise everyone had hoped that Trump would keep,” said David Cowan, a partner at the venture-capital firm Bessemer Venture Partners, who attends RSA yearly.
Many at the conference whispered about the Trump administration cybersecurity executive order that never was. Several drafts that were leaked to the public were widely welcomed by cybersecurity experts, who saw the policies as largely a continuation of the policies laid out during the last months of the Obama administration. President Donald Trump was widely expected to sign the executive order on cybersecurity earlier this month, and it remained unclear if a new version was being drafted in the interim.
“There was this sigh of relief when the executive order went public, that finally we had an executive order that wasn’t controversial, that felt…stabilizing in a way,” said one cybersecurity professional, who recently left a government job for a private cybersecurity firm. He asked to speak anonymously as he wasn’t authorized to speak to press. “The Obama administration laid out a very sensible policy, saying this is what is wrong and this is what we need to fix. I was hopeful Trump would follow that… But it seems like he is determined not to do anything that would fall into the category of ‘safe’ or ‘expected.’”
The cybersecurity professional added that many believed Trump would release the executive order this week, timed to coincide with RSA.
“He might be doing it this way to make more of a splash, or maybe they were revising it? I don’t know, but it definitely seems strange that no one is here at RSA. It doesn’t send a reassuring message for how they hope to handle engagement going forward,” he said.
Others, including Ed Cabrera, chief cybersecurity officer at Trend Micro, suggested that Trump simply didn’t have the staff in place to send someone to the conference.
“They are still in the process of filling positions… there has been a lot of change in the administration and it's very early days to send someone to a conference,” said Cabrera, who added that many of the regulars who had attended the conference in past years were political appointees who had resigned at the end of the Obama administration.
“From what we are hearing the administration is engaging with cybersecurity professionals. But we really don’t know what direction any of this is taking right now,” said Cabrera. “All of us have to wait and see.”
The White House did not immediately respond to a request for comment about its absence from RSA.
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Got a confidential tip? Submit it here.