Donald Trump Doesn’t Understand Cyberwar

In late March, Donald Trump sat down with a few reporters from The New York Times for a rare, in-depth interview about his foreign policy ideas.

The conversation careened from Middle East alliances to nuclear weapons to trade pacts, touching briefly on the ever-more pressing topic of cyberwar. Trump said the US lagged behind other world powers, and that the “inconceivable power of cyber” should figure “very strongly in our thought process.”

Now, far from being cooked through, his thoughts on cybersecurity and cyberwar seem to have deflated. At the Republican National Convention, the Times’ Maggie Haberman and David Sanger checked up on the ideas of the man who’s now the Republican nominee for president. Here’s what he had to say:

David Sanger: You’ve seen several of those countries come under cyberattack, things that are short of war, clearly appear to be coming from Russia.

Donald Trump: Well, we’re under cyberattack.

Sanger: We’re under regular cyberattack. Would you use cyber-weapons before you used military force?

Trump: Cyber is absolutely a thing of the future and the present. Look, we’re under cyberattack, forget about them. And we don’t even know where it’s coming from.

Sanger: Some days we do, and some days we don’t.

Trump: Because we’re obsolete. Right now, Russia and China in particular and other places.

Sanger: Would you support the United States’ not only developing as we are but fielding cyber-weapons as an alternative?

Trump: Yes. I am a fan of the future, and cyber is the future.

At that point, Sanger gave up and moved on to a new line of questioning.

In March, Trump was wrong about several aspects of cyberwar. This time, he stuck to statements so anodyne that they’re nearly impossible to fact check.

Like before, Trump appears particularly worried about the difficulty of tracking down the perpetrators of cyberattacks. That’s certainly one of the things that makes cyberwar trickier than a conventional conflict: A missile might be easy to track through the sky, but a virus can come from anywhere, and skilled hackers generally cover their digital tracks assiduously.

But the US is getting good at identifying attackers. Officials attributed a massive attack on Sony Pictures Entertainment to North Korea, and privately pointed fingers at China for data breaches at the Office of Personnel Management, and at Russia for attempts to get into email systems at the State Department at the White House.

Trump also repeated his earlier claim that the United States is “obsolete” in cyberwar. It’s true that state-sponsored hackers have repeatedly poked holes in the defenses of American corporations and governments. But American offensive capabilities are likely unmatched.

This year, the Defense Department launched into full-on cyberwar against the Islamic State, promising to disrupt the group’s propaganda, internal communications, and basic functions like payroll. The campaign marks the first time the Pentagon has publicly announced that it’s using its own cyber-weapons to go after an adversary—previous attacks, like the Stuxnet worm that targeted Iranian nuclear centrifuges, were conducted in secrecy. But as reported by The Washington Post, the operation, which would support the US-led coalition’s airstrike campaign, has gotten off to a slow start, as the Pentagon hires up for the effort and stockpiles weapons to use against the group.

Of course, this is a whole lot more detail than Trump was ready or willing to take on in his interview this week. Political analysts, security experts, and even the nominee’s own ghostwriter are wringing their hands over the thought of the lasting, catastrophic damage Trump could inflict with access to the US nuclear arsenal. The potential that he’d misuse the government’s secretive stockpile of viruses and malware is only slightly less worrisome.

If Trump is to live up to his self-proclaimed title, a “fan of the future”, he’d do well to brush up on his cyberwar talking points before the first presidential debate in September.

Ein News: http://bit.ly/2bb77VI

« For Sale: Leaked Terror Watch List
Made in Britain: Facebook's Drones »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jetico

Jetico

Jetico provides pure & simple data protection software for all sensitive information throughout the lifecycle. Solutions include data encryption and secure data erasure.

Copenhagen FinTech

Copenhagen FinTech

Copenhagen FinTech is a centre for R&D and innovation in the Danish finance IT sector. Focus areas include cyber security and payments platforms.

HackCon Norway

HackCon Norway

HackCon is for the people who are interested in technology, psychology, IT and security, and who wants to improve their knowledge within these areas.

Industrial Cyber-Physical Systems Center (iCyPhy)

Industrial Cyber-Physical Systems Center (iCyPhy)

The goal of iCyPhy is to conduct pre-competitive research on architectures and design, modeling, and analysis techniques for cyber-physical systems.

Flashpoint

Flashpoint

Flashpoint is a globally trusted leader in risk intelligence for organizations that demand the fastest, most comprehensive coverage of threatening activity on the internet.

Norton

Norton

NortonLifeLock is dedicated to helping secure the devices, identities, online privacy, and home and family needs of approximately 50 million consumers.

PrimeKey

PrimeKey

PrimeKey provides organisations with the ability to implement security solutions such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation.

CyberFortress

CyberFortress

CyberFortress is an insuretech startup offering a new kind of online business interruption policy designed for small business.

Eaton

Eaton

Eaton provides comprehensive cybersecurity services for operational technology (OT) to help keep your operations and personnel safe.

Bitcrack

Bitcrack

Bitcrack Cyber Security helps your company understand and defend your threat landscape using our key experience and skills in cybersecurity, threat mitigation and risk.

689cloud

689cloud

689Cloud is a cloud content collaboration platform that allows users to protect, track, and control files AFTER they have been shared.

Secuvant

Secuvant

Secuvant is an independent IT Security firm providing enterprise-grade IT security services to mid-market organizations.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

South East Cyber Resilience Centre (SECRC)

South East Cyber Resilience Centre (SECRC)

The South East Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

SignMyCode

SignMyCode

SignMyCode is a one-stop shop for trusted and authentic code signing solutions to safeguard software.

BeamSec

BeamSec

BeamSec is a cybersecurity solutions provider committed to addressing the human element of risk against the evolving landscape of email-based cyber threats.