We all know the result of the American Presidential Election (assuming you haven’t been living under a rock). Surprising? Maybe. Unexpected? So-so. It’s not my job to judge him. My job is cyber-security and I’m really worried. Before I begin, I must state, that I’m not pro- or anti-Trump, and what’s more I’m genuinely fed up with all the anti-Trump crying in the last few days. All I can say is my professional opinion and concern.
In one of his speeches during the campaign, he was asked about cybersecurity. His answer was: “I have a son. He’s 10 years old. He has computers. He is so good with these computers, it’s unbelievable. The security aspect of cyber is very, very tough.” While the Clintons answered with similarly deep insight: “so complicated it is difficult to explain to people,” Bill Clinton on Hillary’s email scandal.
I’ve never thought that any president of the United States would ever say that there is anything in this world that is “too complicated” to explain to people. This shows how vulnerable, helpless and defenseless today’s administration is when it comes to cybersecurity.
Trump is more or less a technologically illiterate person, that much we can say. So long as he was only a CEO, that didn’t make much difference (if you pay the right men, you can more or less ignore the problem), but as a leader of the most powerful country in the world, he’s responsible for the “cyber”, even on global scales.
Let’s think about this. According to some opinions, the USA is already falling behind in the cyber-arms race, and despite the efforts of different government organizations, the recent DDoS attacks have shown that they are – we are – extremely susceptible to attacks. Half of the Internet was shut down, because, like it or not, the biggest E-companies are still located physically in the USA. If they have a problem, we have a problem.
President-elect Trump would only notice that he can’t tweet all kinds of stuff that comes to mind, and maybe he’s not able to watch TV. What solution can he issue? “Make it work”.
Even the older Bush is more enlightened about matters regarding technology and that’s seriously concerning.
Our hope – security cooperation between the private sector and government
Best scenario, we can hope that he finds an expert to oversee the country’s cybersecurity efforts, maybe cooperate with Silicon Valley (that seems also highly unlikely because the techies in CA were opposing Trump during the election and he in exchange scourged them.) On the other hand let’s not just completely rule out the chance of private-public partnerships, as in the matter of cybersecurity governments have proven to be very inefficient compared to the private sector, and Trump will recognize this sooner or later.
But it looks likely that if America becomes a kind of lawless no man’s land in cyberspace, with only the local sheriffs (the companies with SOCs) to oversee it, that would make efforts in Europe much more costly, and less efficient.
Imagine the following scenario:
‘Mr. President, I’ve proposed a new law that would forbid end-to-end encryption. It’s only waiting for your signature’
‘What is end-to-end encryption?’
‘It makes the FBI and NSA struggle to find terrorists and makes it easier for criminals to communicate without consequences.’
‘Why was this even legal in the first place? I vowed to free America from terrorists!’
‘Yes I know Mr President. Believe me, this will let us monitor every possible terrorist entering our great nation, and find them even before they think about committing anything.’
‘Consider it done. Good job advisor, let me know if you need anything else.’
Well, of course, this is an oversimplified exemplary story, but it shows the logic behind government interests and sheds light on why it is mandatory for a decision maker in legislation to have the right perspective on the many sides of the cyber coin he has to decide about. A few half-truths here, some corporate interests there, and net neutrality, personal privacy, and everything we take for granted tomorrow goes down the drain. That’s the state’s side.
On the other side, there are literal armies of hackers, waiting for an out-of-date software, an outdated method, a minor security flaw. The state of cyber security is inadequate at best in most corners of the world, and we cannot expect a man who does not really understand anything about cybersecurity to commit enormous funds fighting it. Cyber is bad right? And it’s a problem. How big is that problem? Is it worth billions of dollars to fight or only a couple of millions? Who will make that decision? Who will be responsible if (or rather when) the shit hits the fan? Can a president say “I don’t know anything about this, I let my secretary decide these questions, address your questions to him”?
But let’s cheer up a little bit. At least he acknowledges that cyber threats exist, unlike his position on global warming. That means he won’t purposefully hinder the development of tools, at worst he won’t support it as well as he should. The current technical and human resources aren’t going away (most likely) but let’s take into account that if any industry is evolving at breakneck pace it’s cybersecurity. Yesterday’s solutions may be enough for today, but most likely won’t be sufficient tomorrow.
If America wants to maintain its position as a leading power in cyber warfare (and thus in conventional warfare) that would cost truckloads of money and a right perspective. The race is ever accelerating and whoever falls behind gets left behind. I wish the best for President Trump because if he fails, we will all feel the consequences.