Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Rudi Giuliani to Advise Trump on Cyber Security

President-elect Donald Trump’s transition team announced Thursday that former New York mayor Rudi Giuliani “will be sharing his expertise and insight as a trusted friend concerning private sector cyber security problems and emerging solutions developing in the private sector.” The details of this new role are vague and sparse; but it would be fair to say that it has raised eyebrows in the security industry.

President-elect Donald Trump’s transition team announced Thursday that former New York mayor Rudi Giuliani “will be sharing his expertise and insight as a trusted friend concerning private sector cyber security problems and emerging solutions developing in the private sector.” The details of this new role are vague and sparse; but it would be fair to say that it has raised eyebrows in the security industry.

Some reports suggest that he will be the new administration’s security Czar. For the moment, that is probably an exaggeration. The transition team announcement says only, “It is contemplated that the President-elect will be hosting a series of meetings with senior corporate executives from companies which have faced or are facing challenges similar to those facing the government and public entities today, such as hacking, intrusions, disruptions, manipulations, theft of data and identities, and securing information technology infrastructure… Mr. Giuliani was asked to initiate this process because of his long and very successful government career in law enforcement and his now sixteen years of work providing security solutions in the private sector.”

From this it would appear that Giuliani’s role is primarily that of a facilitator for meetings between the administration and private industry to discuss problems and practical solutions in cyber security. The announcement makes it clear, “No consensus advice or recommendations resulting from group deliberations or interaction is expected or will be solicited.” This should be a positive step with the administration listening to those who suffer from cyber security attacks rather than just those who sell solutions to those attacks.

It is the idea of Giuliani ‘sharing his expertise and insight as a trusted friend’ that raises eyebrows. His name is not well known in the cyber security industry, although his firm, Giuliani Partners, is a security consultancy. Needless to say, the firm’s website was rapidly examined by security professionals and immediately lambasted. The site, www.giulianisecurity.com, has now been taken down, but not before researchers noted a string of security issues.

These included expired SSL, use of Flash, exposed CMS login, out-of-date software and numerous open ports. Not everyone believes that should be a concern. Robert Graham at Errata Security wrote today, “But here’s the deal: it’s not his website. He just contracted with some generic web designer to put up a simple page with just some basic content. It’s there only because people expect if you have a business, you also have a website.”

But that’s not how cyber security works. You cannot just contract with some generic consultant and leave it at that — it is continuous attention to detail that makes the difference between secure and compromised. Where you don’t know the solution yourself, you need to be able to take advice from others. It is suggested that as mayor of New York, Giuliani was advised by the police not to site the city’s emergency response center in the World Trade Center for reasons that included its history as a terrorist target. Giuliani did not heed this advice, and the emergency response center was destroyed with the World Trade Center, 9/11.

Despite these concerns, Giuliani could prove a good selection if his role is primarily as an informal executive meeting facilitator. Although frequently described as a cyber security firm, his consultancy is more strategic than hands-on. Before it was taken down, the website described the ‘portfolio of services’ as including ‘Global Investigations/Litigation Support/Due Diligence’ and ‘Brand Protection/Anti-Counterfeiting Strategies & Solutions’. Clients include “governments, global corporations, energy industries, law firms, financial institutions, and universities among other organizations.”

In a conversation with Fox & Friends, Giuliani described his role as just such a facilitator. “The idea here is to bring together corporate leaders and their technological people. The president will meet with them on an ongoing basis as well as anyone else in the Administration. … I’ll coordinate the whole thing. I’ll get the people in, make sure the meeting takes place, make sure they get the information from the private sector.”

Advertisement. Scroll to continue reading.

Cyber security information sharing between industry leaders and between industry and government can only be a good thing.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem