President-elect Donald Trump has a simple diagnosis for the state of cybersecurity. “We’re hacked by everybody,” he declared during a Wednesday press conference. By Thursday, he found his man to solve the problem: former New York City Mayor Rudy Giuliani.
Trump tapped Giuliani to convene meetings of private sector executives to obtain “experiential and anecdotal” information on which companies are tackling cybersecurity problems. The choice of Giuliani has confounded the cybersecurity industry, in which Giuliani is a fairly minor player.
“When Mr. Giuliani comes to mind, cybersecurity and cyberdefense does not come to top of mind, or even to my thoughts at all,” said a senior executive that heads incident response for a multinational consulting company. Like other industry executives contacted for this story, he insisted on anonymity to candidly discuss the incoming Trump administration.
“We’re all raising our eyebrows about Mr. Giuliani being the right pick for this,” said a veteran Silicon Valley security executive. Giuliani, the executive said, is fairly unknown in Silicon Valley and his business is a niche player in the field of cybersecurity. Giuliani leads the cybersecurity practice at the law firm Greenberg Traurig, and heads the security consultancy Giuliani Partners.
Giuliani’s appointment comes as Trump is under fire for his skepticism toward the U.S. intelligence community’s conclusion that Russia carried out an information operation, including hacking, to boost the real-estate mogul’s electoral bid. By tapping Giuliani in a nebulous role purportedly boosting cyber-security, Trump can burnish his own credentials, and maintain an adversarial stance toward his own spies.
But, like many of Trump’s picks for the new administration, Giuliani hasn’t reassured many people that he has a strong grasp of the issues at the heart of his new job.
“A lot of the solutions are out there, we’re just not sharing them,” Giuliani told Fox News. “It’s like cancer. You know, there’s cancer research going on all over the place—you’d almost wish they’d get together in one room and maybe we’d find a cure.”
That answer doesn’t begin to grapple with the complexity of securing computer systems. Cybersecurity is more about reducing risk, rather than “curing” the threat entirely.
As if to underscore his ill fit for the new job, shortly after the announcement of his appointment, security researchers found a series of holes in the website of Giuliani’s eponymous security consultancy. The site was running out-of-date software and packed with vulnerabilities.
Giuliani’s obvious lack of technical expertise has many cybersecurity professionals bemoaning his selection to advise Trump, who made clear during the campaign that he has only the vaguest notion of the technologies he tried to describe.
“Policy issues in this field are often plagued by a lack of understanding of actual cybersecurity concepts and expertise,” said Robert M. Lee, the CEO of industrial cybersecurity firm Dragos, Inc. The nuts-and-bolts know-how of computer science, he suggested, should be a key part of people helping shape of cyber policy.
“Being the CEO of an airline company does not necessarily make one qualified to fly a plane,” Lee, a former Air Force cyberwarfare operations officer, added.
But it’s not even clear that Giuliani will have that much impact on policy. “No consensus advice or recommendations resulting from group deliberations or interaction is expected or will be solicited,” the Trump camp said in announcing his appointment.
Though the government and country may not much benefit from his appointment, it will ensure that Giuliani has a prominent perch from which to market his services and make connections in the industry. Giuliani has already raked in a small fortune since entering the private security world, and his perch as an outside Trump adviser will likely only boost his profile.
Photo by Alex Wong/Getty Images