There is no doubt that the topic of cybersecurity is the elephant in the room when it comes to assessing the United States’ readiness to mitigate hacking and data breaches. Or some would say it is the 400-pound man on the bed, as did now-President Donald J. Trump in one of his eloquent debate performances during the 2016 Presidential campaign. Moderator Lester Holt of NBC posed this question: “Our institutions are under cyber-attack, and our secrets are being stolen. So my question is: who's behind it and how do we fight it?”
In one of what have become his familiar off-centered and rambling retorts to specific queries regarding issues and policy, Trump bounced back, saying, “As far as ‘the cyber,’ I agree to parts of what Secretary Clinton said. We should be better than anybody else, and perhaps we’re not. I don’t think anybody knows that it was Russia that broke into the DNC. She’s saying Russia, Russia, Russia – I don't, maybe it was. I mean, it could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, okay?”
The following day the New York Daily News suggested, “The true loser of the presidential debate -- the English language!”
The Daily News also called Trump’s shorthand for cybersecurity (the cyber) “bizarre” and added that it was “an out-of-touch comment that would come from your tech-illiterate grandpa.”
Now I bring this up not to belittle our new Commander-in-Chief, but to highlight my personal concerns about the potential direction cybersecurity policy could go under this administration based on its obvious lack of sophistication in understanding the threats – much less admitting there are any.
When you consider the expanding global cyber world with all its nuances, like the Internet of Things (IoT), the cloud environment and the hyper-convergence of physical and logical security, having your frame of reference be something called “the cyber” is chilling.
Compound Trump’s childlike acquaintance with cybersecurity issues with the frenetic and confounding pace of executive orders that are alleged to have great urgency, only to be delayed in favor of political convenience – i.e., the immigration travel ban – and it tends to give one pause. Toss in the failure of Trump and his surrogates to acknowledge Russian infiltration of the 2016 election and the cybersecurity dangers posed by it, and we can only hope his appointees in the intelligence sector are a bit more motivated to confront these real threats.
At the end of January, President Trump was expected to set up a commission and sign an executive order detailing his cybersecurity roadmap and the administration’s approach to defending federal agencies from hackers, but he abruptly canceled the signing without explanation. The commission was to review the federal government’s capabilities and defenses, similar to reviews ordered by Obama when he took office in 2008 and again in Feb. 2016, when the Cybersecurity National Action Plan was implemented.
However, the draft copy of Trump’s cybersecurity order recently obtained by the Washington Post – aimed at the steps these federal agencies were to take – essentially raised more questions than it answered with regard to policy. The document provided a broad definition of critical infrastructure, but failed to mention voting systems and was extremely vague about the new administration’s intentions of including former DHS Secretary Jeh Johnson’s classification of election systems as critical infrastructure. The absence of election protection seems a bit odd considering Trump’s assertions that three million illegals voted in this past presidential election. I’d figure this would be a priority!
But just as one of our nation’s journalistic treasures, Sean Hannity, regularly quotes to his faithful from the Bible, “Let not your heart be troubled,” cybersecurity expert Dan Lohrmann, in essence, told me the same thing in a recent conversation. His sense of optimism stems from his feeling that Trump will take an entirely different tack in battling cyber-crime.
"I am optimistic that the Trump administration will act on cybersecurity. President Trump promised that within 90 days of taking office, his administration will be producing a report on the state of America's cybersecurity. I fully expect that will happen – with plenty of bad news initially regarding what needs to be fixed online,” said Lohrmann, Chief Strategist and Chief Security Officer for Security Mentor and the former CSO for the State of Michigan. “I also expect to see his meetings with private sector technology executives to lead to a series of cybersecurity actions – probably in line with the recommendations issued by the Center for Strategic and International Studies (CSIS) Cyber Policy Task Force issued in early January 2017. Also, expect to see some incentives for companies that implement cyber protections. If we want a different result, we need to stop doing the same things."
So onward ho. Let’s protect “the cyber.”