What Trump Means for Tech: D.C. Takes on AI and Cybersecurity

Host

In today's Enterprise? How are CIOs creating more impact in the C suite and with the board? What does it mean to be a blended executive? Learn more on the fourth episode of Techfluential, a podcast from Deloitte, and custom content from WSJ.

Bel Lin

Welcome to Tech News Briefing. It's Friday, January 31st. I'm Bel Lin for the Wall Street Journal. All this week we are exploring what President Trump's second term could mean for the tech industry over the next four years and beyond. Cybersecurity threats are ever increasing for businesses, consumers and the government. Just this week, the Wall Street Journal reported that hackers linked to China, Iran and other foreign governments are using new artificial intelligence tech to bolster their cyber attacks against the U.S. and other global targets. We'll speak with our reporter Dustin Voltz about how government hackers are using AI chatbots and the implications of a new A model from the Chinese firm Deepseek. Then we'll discuss how the new Trump administration looks at cybersecurity and why we are likely to see a more aggressive response to cyber attacks. So, Dustin, what exactly are these AI enabled hackers doing and how do we know they're doing it?

Dustin Voltz

Well, they're likely using all sorts of generative AI platforms, but in this case, the research is from Google's Gemini chatbot. That's the research that we had an exclusive look at. And what it shows is that dozens of different hacking groups in China, Iran, and elsewhere were turning to Gemini to.

Host

Try to bolster their cyber attacks.

Bel Lin

And what has Google said about this so far?

Dustin Voltz

Google issued this research in a bid for transparency, basically to say, look, we know that bad actors are using our chatbot and seeking to weaponize generative AI for malicious gain. Here's sort of a rundown of what we're seeing, and in doing so, they also said they took actions against accounts that they identified as linked to these bad actors and suspended them. In addition to that, it just highlights that generative AI, like for a lot of ordinary people, can be enormously useful for sort of, on the margin, productivity hacks. You can use it to help write emails and craft cover letters. Similarly, these hackers are sort of using it for almost rudimentary or mundane tasks like researching organizations that they want to target with phishing attacks, for example. And what we're seeing so far is this is a preview of what's to come. And at least for right now, it doesn't seem to be some sort of doomsday scenario where these hackers are creating first of their kind never before seen attacks that are destroying the Internet.

Bel Lin

Right. And we've also this week seen the emergence of the Chinese AI company Deepseek, which says that it rivals top tier AI models from the US for just a fraction of the cost. What are some of the national security implications of a model like the one from Deepseek?

Dustin Voltz

Well, there's a lot of national security implications, according to U.S. officials, about any Chinese technology. And Deepseek is sort of just the latest to animate some concerns. For starters, we've seen agencies already instruct their employees to not use Deepseek because you got to think about the level of intelligence that you could glean from just being able to see what people are writing into these systems. In addition to that, the concerns about Deep Seq are that this is revealing or reflecting that the US Is not nearly as far ahead on the AI arms race as they hoped or wanted to believe that they were. Now, there's a lot of dispute about this because of uncertainty about exactly how Deep Seek was able to accomplish what it did and whether or not it really is as cheap as its boosters are saying it is. But this is really just the latest flashpoint in US China relations over technology and the bout for technological supremacy between the two. Finally, another area of concern is that deep seek, like TikTok, could be used to either promote propaganda or respond to questions for information and data in a way that is advantageous to the Chinese Communist Party. For example, a lot of people on social media this week were noting that Deep Seq, if you ask it about what happened in Tiananmen Square in 1989, it basically says that it's unable to process that question and cannot answer it. That's a very different answer than the one you'll get from ChatGPT or Gemini or other chatbots that are built by US companies.

Bel Lin

Coming up, how will the Trump administration handle some of the biggest cyber threats facing the nation? That's after the break.

Jack in the Box Advertiser

If you need three new reasons to love Jack wraps at Jack in the Box even more, here they are. Chicken fajita, chicken Caesar and delicious. Starting at $3. Coincidentally, those are the same three reasons you should come to Jack in the Box right now at Jack. Every bite a big deal.

Bel Lin

So let's take a step back here. Former President Biden issued an 11th hour cyber executive order right before he left office. Do we have a sense for how the Trump administration feels about this executive order and what was in it?

Host

So senior Biden administration officials really tried on their way out the door to stress that cybersecurity has been a largely bipartisan issue for a long time, and there's nothing super controversial in the executive order that they issued, but it is a lengthy one with sort of a grab bag of different issues that it addresses, including redefining who the government can sanction to include ransomware criminal groups, for example, and mandating that software suppliers to the federal government verify and sort of publicly audit the fact that their software is known to be secure, and a whole host of other things. There's also a number of things that the Biden administration did to create cybersecurity mandates on a variety of industries, including after the colonial pipeline hack of 2021, which led to the longest conduit of fuel on the east coast, was shut down. Generally, we hadn't seen much of that prior to the last administration because for a long time, government basically pursued a view of cybersecurity, that industry should be voluntary in its cooperation with security stand that that's the best way to get businesses big and small to adopt best practices. But as bad things continue to happen every year with nation state hacking and ransomware and all sorts of other terrible things, the Biden administration started pursuing a mandated approach rather than a voluntary arrangement. And Republicans have generally been much more hostile to that type of framework. On the other hand, a lot of the worst hacking that we're seeing is coming from China, and the Trump administration is setting itself up to be very, very hawkish on China. Some of the other officials that Trump has tapped for key positions, like the chairman of the Federal Communications Commission, has said that China is a really serious cybersecurity threat and we need to do everything we can to address it.

Bel Lin

Specifically, there's the salt typhoon telecom attack, which was hugely significant. It happened during the Biden admin. But now its after effects continue into the Trump administration. Are there other sort of categories of big threats, maybe from foreign actors, nation states, especially from China, that the Trump administration will have to deal with?

Host

The salt typhoon intrusions in the telecom networks is certainly top of mind for everybody in cybersecurity right now. It is an enormously significant hack that has serious counterintelligence implications and ensnared the phone calls of President Trump and Vice President Vance. Right before the Biden administration left office, they took some actions against China by sanctioning the Chinese technology firm, the contractor that they said was working for Chinese intelligence, to carry out those intrusions. The Trump administration officials, including National Security Advisor Mike Waltz, formerly a Florida congressman, have said that they want to be more aggressive in responding to these types of attacks, that they want to go on offense, essentially in cyberspace. One thing that is always helpful in figuring out what an administration might do is what they've done in the past. And so we can look to the first Trump administration. And among the things that President Trump did during his first term was basically unshackle US Cyber Command, the military's cyber outfit, for sort of offensive cyber strikes in theaters of war and elsewhere. He basically allowed for them to pursue cyber attacks against adversaries with fewer bureaucratic restraints and fewer interagency debate about those types of things. So we saw that in the first Trump administration, and that was actually kept in place largely by the Biden administration. Now this second term, we are likely to see further efforts to pursue that kind of response to various attacks. And so that could be disruptive operations against certainly terrorist groups potentially, but also nation states could be on the receiving end of that and also stepped up espionage, something that CIA Director John Ratcliffe has talked a great deal about is wanting to pursue more aggressive spycraft against China as well.

Bel Lin

Okay, last question for you, Justin. You cover cybersecurity as well as Capitol Hill very closely. What are you most keeping your eye on now that we are several days into the new Trump administration, whether in the coming days ahead or maybe even further, the weeks and the months ahead?

Host

Well, there's a significant shakeup right now in the federal workforce. On January 20, the day Trump was inaugurated, the acting DHS secretary issued a memo to all advisory committees at DHS, essentially disbanding them and terminating the work that they were doing. And that included the Cyber Safety Review Board, which was in the middle of a months long investigation into China's salt typhoon hacks of US Telecoms. Again, this is a hack that ensnared Trump's own cell phone calls for surveillance violence. And now the work of that board has been terminated entirely. And this is just sort of to further the efforts by the Trump administration to reduce federal work, federal agency headcount, to upend a lot of federal protections, to, you know, install a lot of people who are seemingly loyal or seen as loyal to the Trump agenda in not just senior roles, but in the rank and file of the federal government. One thing that I'm going to be watching very closely, as others will be too, is sort of just how do these sort of drastic changes in the federal workforce potentially impact US national cybersecurity? And are we going to see people leaving either voluntarily or by, you know, being pushed out? And is there going to be a brain drain, or are there going to be different people brought on board who are going to take those jobs and run with them? This is all sort of a huge question mark. And to some extent, you have this with every administration with any transition, but clearly you're seeing a great deal more of uncertainty and anxiety about what people are going to be doing and whether or not their jobs are even going to exist a day from now, a week from now, a month from now, let alone a year or two from now.

Bel Lin

That was our reporter, Dustin Voltz. And that's it for Tech News Briefing. Today's show was produced by Julie Chang, logging off for the weekend. I'm your host, Bell Lynn. Jessica Fenton and Michael Lavelle wrote our theme music. Our supervising producer is Kathryn Millsap. Our development producer is Aisha El Mosleem. Scott Salloway and Chris Sinsley are the deputy editors. And Falana Patterson is the Wall Street Journal's head of news audio. We will sign back in this afternoon with TNB Tech Minute. Thanks for listening.