President Obama has promised to take action in response to findings by U.S. intelligence agencies that Russia hacked computers at the Democratic National Committee and other Democratic political groups. And one of Donald Trump’s first big decisions as president may be whether to continue down the chosen path.
State-sponsored hacking is “arguably one of the biggest threats to the nation,” says Jay Kaplan, a former analyst at the National Security Agency. State actors are behind numerous recent hacks, including the federal employee records at the Office of Personnel Management, believed to be the work of China.
In a recent report on “enhancing national cybersecurity,” the Obama administration avoided addressing the issue of state-sponsored hacking head-on. But it did recommend steps — including training 100,000 new “cybersecurity practitioners” by 2020 — to fix vulnerabilities in government and private networks.
Crowd-sourcing offers a path to tackle the challenge, Kaplan says. He is CEO of Synack, which is working with the Pentagon using crowd-sourcing “to uncover security holes across the federal government,” as he puts it. Right now, the effort is focused on the Defense Department, Kaplan says, but he hopes “to broaden that scope soon.”
And a new administration may bring other new ways of looking at the problems — or at least that’s what Betsy Cooper hopes. She is executive director of the Center for Long-Term Cybersecurity at the University of California, Berkeley.
“We absolutely believe that this is an opportunity for progress,” Cooper says, “that a new administration without ties to past government structures really creates the opportunity for resetting the playing fields.”
One proposal is for a cyber workforce incubator to be set up in Silicon Valley, where tech industry experts and government officials could get together to exchange ideas. They would spend a year or two together and then “each group would rotate back to their normal jobs,” Cooper says.
The idea is that in that period, the government workers will get “better exposure to the Silicon Valley culture and way of working,” Cooper says, while those from the tech industry will better understand “the importance of government problems and the importance of working on these issues in the public sector. “
Cooper also suggests a public campaign — like the government has used to get people to buckle their seat belts or to recycle — to get ordinary Americans aware of the importance of things like using strong passwords and other so-called good cyber hygiene practices.
It’s not just individuals or government systems that need help with cyber security issues.
“I think the president should focus on three things: energy, finance and telecom,” says Melissa Hathaway, president of Hathaway Global Strategies, who has worked on cyber issues in the Obama and George W. Bush administrations.
Hathaway, who is also a senior adviser on Harvard University’s Cyber Security Project, says the IT systems of utilities and banks have already been infected with malware and are vulnerable to hackers, not only from state sponsors, but also criminals: “If I can bring a utility offline through ransomware or through some other means,” she says, “I can cause them to pay to get it restored.”
And she points to recent attacks, in which hackers hijacked Internet-connected devices to bring down online services including Twitter and Spotify.
“It’s really important that we stop talking about these problems and start solving them,” Hathaway says. “And that’s going to require leadership, it’s going to require focused attention.”
She says if Trump wants to make America great again, he needs to address cybersecurity quickly.