Cybersecurity and the next POTUS

Written by

Security is always going to play a big part in any political race in America.

But rather than facing a visible threat that can be dealt with through one of the strongest armed forces in the world, the USA is the target of deep, dark attacks through their network infrastructure.

The Obama administration has made a number of moves to try and combat the ongoing cyber war, be it against small groups of activists or allegedly state sponsored infiltrations.

The “cyber wargames” testing out its defences through its “special relationship” with the UK for one, sharing of intelligence between the public and private sector for another, and the extension of RICO laws.

But for the next inhabitant of the Oval Office, the fight is only going to get tougher when it comes to protecting the government, businesses and citizens from the increasing technological threat, both from its own soil and abroad.

WHERE DO THE CANDIDATES STAND?

Front runner for the Democrats Hilary Clinton has far from the best record in the realms of cyber security.

She has attracted widespread criticism for using a private email server for her official business as secretary of state, at a White House report released earlier this year showed her tenure between 2009 and 2013 made for one of the worst records of any agency at the time in protecting the government’s computer networks.

But the bookie’s favourite has listed cyber attacks as a key battle in the country’s future.

In her campaign pledges, Clinton said they will have “profound consequences for our economy and our national security” and has promised to continue Obama’s work, linking the private and public sector to overcome “the mistrust” that exists between the two groups today and build resilience together.

“Our country will outpace this rapidly changing threat, maintain strong protections against unwarranted government or corporate surveillance, and ensure American companies are the most competitive in the world,” she added.

Martin O’Malley, the former governor of Maryland, has also worked as an advisor to the department of homeland security and believes protecting the country is “the foremost responsibility of those in public service.”

His policy calls for an “urgently needed new agenda” for the fights on “digital battlefields”, again backing the work between government and businesses, but also calling for more investment into more resources to continue the fight and for every segment of government to get involved, even “tapping the skillsets of civilians” who may be able to help.

Whilst the most left-wing of the candidates, state senator Bernie Sanders, has called for $10bn a year as part of his “Rebuild America Act” to modernise the country’s “aging electrical grid,” which he believes will “address critical vulnerabilities to cyber attacks.”

The Republicans aren’t exactly showered with glory when it comes to knowledge of cyber security.

Surprise front runner for the nomination, businessman and TV star Donald Trump seems to think a conversation with Bill Gates will allow him to “switch off the internet” to protect the country from these complex issues.

In his campaign, he has particularly spoken about the threat of China to the US’ intellectual property and accused the country of allowing “cyber lawlessness” to threaten prosperity, privacy and national security.

Trump added: “We will enforce stronger protections against Chinese hackers and counterfeit goods and our responses to Chinese theft will be swift, robust, and unequivocal.”

US senator Ted Cruz is currently polling in second place – although still with half the points of Trump.

Like most of his fellow runners, he hasn’t made a huge amount of noise over cyber security. But he was the only Republican candidate to vote in favour of the USA Freedom Act, which stops the NSA from collecting most landline telephone records in the country and makes it get a court order to retrieve them from providers.

He said the act “strikes the right balance between protecting our privacy rights and our national security interests.”

But third place state senator Marco Rubio has made “defending free enterprise and a free internet” a key pledge.

His policy says he wants to stop the web being “smothered” by regulation, whilst strengthening cyber security in the US.

Like the Democrat candidates, he backs sharing between private and public sector organisations.

But he also wants to “use American power to respond harshly to international cyber attacks on American citizens, businesses, and governments.”

And then, of course, there is the Libertarian Party candidate John McAfee.

The man responsible for one of the world’s most well-known security companies can surely be trusted when it comes to knowledge of both the industry and the tools needed to protect the public.

But it is unlikely such a figure would inspire people to regard him for his talents, but more likely his controversy, be it his alleged involvement in an unsolved murder in Belize or his thoughts on psychedelic drugs in the work place.

WHAT DOES SILICON VALLEY THINK?

From the depths of California through to the innovations in Massachusetts, it is clear from the stance of most candidates that technology businesses will play a big role in the future of cyber security policy, whoever wins the vote in 2016.

But it is the big wigs of Silicon Valley that will not only have an influence but be needed for the White House to tackle the incoming threats.

Duncan Brown, security analyst at IDC, said it was already making a difference.

“It is already substantial in this race,” he said. “The main players like Symantec and Microsoft already lobby on cyber security.

“Importantly, cyber security is intrinsically tied up with the privacy debate. This centres on a fundamental balance between an emphasis on cyber security which enables privacy, and an emphasis on national security, which favours interception of electronic communications.

“This debate often gets in the way of generally improving cyber security practice. Silicon Valley firms need to focus on this practice angle but often get dragged back into the privacy debate.”

There will also be a lot of funding coming from the big firms, whichever side they decide to support.

But Mike Janke, chairman of Silent Circle, believes it will be up to the parties to win them over.

“I believe it will play a significant role for sure,” he said. “Not just the financial side for campaign funds, but most certainly on the voting side.

“Whoever can appeal to the issue that Silicon Valley highlights, will have significant support.”

THE INTERNATIONAL STAGE

But it will not just be home-grown experts that will play their part in the US’ future cyber security battle.

Mikko Hypponen, chief research officer at F-Secure, said it will be as important working with people overseas to tackle the incoming threat as those at home.

“Protecting the internet cannot be done without international cooperation,” he said. “The next leader of the White House will have to address some important political and military questions.

“For example, it's typical that online attacks are rerouted through various countries to make it harder to locate the attacker's origin. This means it will be important to work with other countries in combating these attacks.

“Moreover, because laws differ from country to country, cooperative enforcement of laws will be crucial. The question is which of the candidates is best suited for this?”

IDC’s Duncan Brown added: “Cyber threats are global and so all countries have to work with each other. Cyber criminals don’t care which country they attack: they’ll just go after the rich (or easy) targets.”

THE FUTURE

The fact is, whoever wins in 2016 will be faced with cyber threats.

With Gartner predicting 6.8 billion connected devices to be in the hands of people next year – 30 percent more than in 2015 – these moving targets will continue to be infiltrated and see attacks spread further and wider than ever before.

In Mcafee Labs’ threat predictions report for the next 12 months, senior vice president Vincent Weafer said this increased surface, more sophistication from attackers, a lack of integrated security technologies and the shortage of skills to “fight back” will all play out.

“The value of stored and in-transit information is rising rapidly, fuellingnew markets, creating a need for securely connecting devices, delivering trusted data to the cloud, and deriving value through analytics,” he said.

“But, like anything of value, information is also attracting the attention of adversaries looking for new ways to steal it, leverage it, and benefit from it. Although people often think of organised crime and other criminals, potential adversaries also include hacktivists, nation-states, and others not necessarily seeking direct financial gain.

“As we look ahead to the personalisation and consumerisation of cyberattacks, adversaries may also include a competitor, political opponent, spouse, neighbour, or other personal nemesis, as well as the rising activity of chaotic actors who just want to see things burn.”

There are some positives from the report. Claims that passwords will finally become a thing of the past, with more secure authenticating systems coming into play, and people will have a stronger understanding of the need for personal security, as well as getting how valuable their data is. 

But this won’t stop attempts on the US, be it hacktivism, ransomware, cloud breaches or cyber espionage to name a few.

Clive Longbottom, founder of analyst firm Quocirca, said the terror threat will be thye biggest for the next president.

“A new president has to look at changing the old mindsets when it comes to defence,” he said. “Although Russia is unstable, it is not a major threat at the moment.  Terrorism is by far the biggest threat to the world's peace, and this isn't going to be beaten by nuclear warheads backed by massive aircraft carriers and ground troops.  

“The terrorists are way ahead of governments in their use of cyber capabilities - and this is where such a new 'war' has to be fought.  

“Alongside this is the big economic threat of government-sponsored cybercrime - whether this be through the hacking of organisations for intellectual property or the blocking of sites through DDoS attacks to make life difficult for companies.  Therefore, there is a massive need for a lot more cyber specialists in the US (and elsewhere) who can work in the new big data world to better identify what's happening before it becomes a real problem in the real world.”

So be it Clinton, Trump, or even McAfee, the new president will need to take the threat seriously and work with all walks of life, nationally and internationally, to protect their country – as well as winning Silicon Valley over. It is no small task.

Subscribe to the print magazine here

What’s hot on Infosecurity Magazine?