Apart from his obvious mastery of Twitter, President-elect Donald Trump has yet to prove that he truly understands the important role of information technology in the modern economy and government.
One of the main areas of concern is his apparently limited understanding of cyber security, both in terms of how it works or its importance.
The issue has been very much in the mainstream news as the US Government embarks on an investigation of claims that Russian state-sponsored hackers intentionally influenced the outcome of the election that has brought Trump to power.
In fact, today, President Obama promised in an NPR interview that the US would “take action”. Trump, for his part, has dismissed the CIA reports suggesting that Russia intervened in the election.
So as the issue of cyber security becomes both more contentious and pertinent, what should we expect from a Trump administration?
Perhaps not a lot. On several major issues, Trump has given responses that suggest he does not understand the security points at issue.
Earlier this year, Trump was vocal in denouncing Apple for not cooperating with the FBI in the Syed Rizwan Farook case. Apple was ordered by a court to provide the FBI with a specially developed version of the iOS operating system to unlock the encryption on an Apple iPhone used by the perpetrator of a mass shooting in San Bernardino.
Apple challenged the ruling, refusing to develop the software. Eventually the FBI managed to find a way to hack the smartphone anyway.
Trump called for consumers to boycott Apple products until they gave up an unspecified “security number” that he believed they were withholding.
He then wrote on Twitter: “I use both iPhone & Samsung. If Apple doesn’t give info to authorities on the terrorists I’ll only be using Samsung until they give info.”
Apple had not refused to provide information to the security agency, so evidently Trump had not fully grasped the situation.
Last year, Trump appeared to call for the internet to be partially shut down to fight terrorism in the wake of the Paris shootings, when terrorists killed over 130 people.
“We are losing a lot of people because of the internet and we have to do something,” Trump said, speaking on an issue that has gained renewed attention in the wake of attacks in Paris in November.
“We have to go see Bill Gates and a lot of different people that really understand what’s happening. We have to talk to them, maybe in certain areas, closing that internet up in some way.”
As CEO of security firm Cyber adAPT Kirsten Bay, who has worked on congressional committees developing cyber policies for the US government, says, these statements “do not engender a feeling of confidence when thinking about the complexities of the internet, net neutrality policies, cyber security, and national security cyber defence strategy.”
However, Bay says that it is not just Trump’s security attitudes that we need to consider, but the people he is appointing to positions of power.
“I believe we still don’t entirely know whether we will get the right people, and, thus, the right policy,” she says. Bay says that this will include Trump’s picks for the intelligence community, the Department of Defense and the Federal Communications Commission.
Bay also says that from the evidence, including the discord between Trump and the intelligence community, she does not believe that Trump takes the threat of hacking seriously enough.
However, Bay says that the successful hacks on the Democratic National Committee during the election campaign suggest that the Democrats may also not be taking security seriously enough.
Some critics of Trump have taken a more combative tone. Bruce Schneier, Chief Technology Officer at IBM’s Resilient and respected security expert, wrote in a recent blog that Trump will have “devastating effects” on internet security and privacy.
What will Trump actually do as President?
Trump’s possible negligence on the issue of security may impact his personal practices.
Kaymera CEO Avi Rosen says, for example, that the US President is given a secure ‘dumb’ phone to make and take calls that would be very difficult to hack.
As Rosen says, Trump may simply decide to use his own smartphone anyway.
On security policy, there is a blueprint for what a Trump presidency might look like. Trump has published a four-part strategy on cyber security.
The strategy outlines a review of US cyber defences and vulnerabilities, Joint Task Forces to combine law enforcement responses to cyber threats, recommendations from US defence officials for improving US Cyber Command and developing offensive cyber capabilities.
Bay says that much of the strategy has already “been done, is being done, or has been recommended”.
Bay also says that the focus on offence is not necessary.
“Offence has never been our problem. We have some of the most accomplished offensive capabilities in the world. I think the question should be more focused on the how and when.”
She advises the incoming administration to “speed up implementation, reduce the friction of getting new technologies through the evaluation and implementation process. Help small and emerging technology businesses get EVEN more visibility by increasing the Science and Technology Directorate.”
As with so many areas of the Trump administration, the future is unclear. On 1 December, the Commission on Enhancing National Cybersecurity published a 100-page report that outlines the steps that need to be taken.
This includes tackling the emerging issue of internet of things security and investing in skills.
But as President Obama admitted, the implementation of the strategy is out of his hands.
“Now it is time for the next Administration to take up this charge and ensure that cyberspace can continue to be the driver for prosperity, innovation, and change – both in the United States and around the world,” wrote Obama.
The advice and expertise that Trump needs to pursue an effective and ethical cyber security policy is there, if he chooses to take it.
https://www.cbronline.com/news/cybersecurity/breaches/trump-vs-clinton-2016-5-cyber-attacks-defined-election/
https://www.cbronline.com/news/cybersecurity/trump-anonymous-suggests-john-mcafee-lead-trumps-cybersecurity-team/