ABSTRACT
This article evaluates the conditions under which national cybersecurity policy changes or remains stable. Consistent with theories of policy and bureaucratic inertia, particularly punctuated equilibrium theory (PET), it finds that national-level cybersecurity policy during the Trump administration was constrained by existing conceptual, political, and strategic commitments. It uses government and media documentation to observe two pivotal policy periods during the Trump administration. It finds that despite shifting from a nominally defensive to a nominally offensive posture, rather than revise policy categories and priorities, policy makers interpreted cyber threats within existing threat and policy categories. These findings offer two contributions to policy scholarship. First, they begin the process of situating the Trump administration in the larger context of US cybersecurity policy. Second, they demonstrate constraints on senior policy makers as well as the utility of a punctuated equilibrium model. The Trump administration’s “defending forward” concept represented one of the most ambitious efforts to break with existing US cybersecurity policy; however, even this effort was constrained in ways consistent with punctuated equilibrium theory.
Disclosure statement
No potential conflict of interest was reported by the authors.
Additional information
Notes on contributors
Jacob Shively
Jacob Shively received his Ph.D. from Indiana University and is an associate professor in the Reubin O’D. Askew Department of Government at the University of West Florida, where he studies foreign policy and grand strategy. His 2020 book is entitled Make America First Again: Grand Strategy Analysis and the Trump Administration.