Donald Trump Has A Plan for CyberWar

In a meandering, 100-minute-long telephone interview with The New York Times last week, Donald Trump elaborated on some of the bold and belligerent foreign-policy prescriptions he’s hinted at in the past.

He touched on nuclear weapons, spying and the fight against ISIS, bringing his tried-and-true “we’re losing” doom and gloom to each topic. His proclamations of decline seem to be designed to support what he said outright on Twitter last week, after a bombing in Pakistan killed dozens and injured hundreds: “I alone can solve.”

When confronted with a question about cyberwarfare, Trump leaned on the same tactics, while displaying a profound unfamiliarity with the issue.
David Sanger, one of the two Times journalists interviewing Trump, asked the candidate if the US should use cyberweapons as an alternative to conventional weapons or nukes, and if so, how often.

Trump said he didn’t think cyberweapons are an alternative to nuclear weapons “in terms of ultimate power.” He tacked back to discussing nukes—“I will tell you, I would very much not want to be the first one to use them, that I can say”—until Sanger asked him again how he would use the US cyber-arsenal as president.

And that’s when the Trump kicked into full woe-is-us mode. Here’s his answer, in full:

First off, we’re so obsolete in cyber. We’re the ones that sort of were very much involved with the creation, but we’re so obsolete, we just seem to be toyed with by so many different countries, already. And we don’t know who’s doing what. We don’t know who’s got the power, who’s got that capability, some people say it’s China, some people say it’s Russia. But certainly cyber has to be a, you know, certainly cyber has to be in our thought process, very strongly in our thought process. Inconceivable that, inconceivable the power of cyber. But as you say, you can take out, you can take out, you can make countries nonfunctioning with a strong use of cyber. I don’t think we’re there. I don’t think we’re as advanced as other countries are, and I think you probably would agree with that. I don’t think we’re advanced, I think we’re going backwards in so many different ways. I think we’re going backwards with our military. I certainly don’t think we are, we move forward with cyber, but other countries are moving forward at a much more rapid pace. We are frankly not being led very well in terms of the protection of this country.

Trump appears to be making three points here: first, that the US is “obsolete in cyber”; second, that the US can’t even tell where attacks are coming from; and third, that “the power of cyber” is “inconceivable” and should figure “very strongly in our thought process.”

That latter point is hard to argue with. Cyberweapons are indeed mind-bending: Look no further than Stuxnet, a US and Israeli cyberattack that caused Iranian nuclear centrifuges to spin out of control and destroy themselves. It was a landmark moment for state-on-state cyberattacks.

But his first two points are, as far as conventional wisdom goes, far wide of the mark. The US is in fact believed to have the most powerful arsenal of cyberweapons of any country. Its specific capabilities are a closely guarded secret, but the government is likely hoarding knowledge of vulnerabilities and security flaws that it could use to inflict damage on other countries’ computer systems—sort of like a reserve of warheads ready to be deployed.

And while attributing cyberattacks to a country or an individual is indeed one of the more difficult aspects of cyberwarfare—far trickier than figuring out where a missile was fired from, for example—the US has gotten pretty good at it. Soon after Sony Pictures Entertainment became the victim of a massive hack in 2014, for example, US officials pointed fingers at North Korea. The government was able to come to that conclusion because it had been spying on North Korean networks since 2010, The New York Times reported.

More recently, the Justice Department has embarked on a name-and-shame campaign, bringing public charges against foreign state-sponsored hackers who attack US government and private sector computers. It began in 2014, when the department placed five members of China’s People’s Liberation Army on a list of most-wanted cybercriminals for stealing trade secrets. In the past two weeks, two Syrians and seven Iranians have been charged and added to the list.

When Trump bemoans an “outdated” the US cyber-arsenal, he might be thinking instead of the sorry state of America’s cyber-defenses. Its shortcomings were made incredibly clear by the Chinese attack on Office of Personnel Management servers in 2015, when hackers gained access to the private information of 22 million people. Numerous other attacks on government systems and email servers have proved the government’s difficulty keeping digital information safe.

Trump certainly isn’t the only presidential candidate without a meaningful cybersecurity and cyberwar platform. A Wired summary of the contenders’ positions showed that all of them have painted their positions in very broad strokes, if they’ve even taken one.

But whoever takes over the Oval Office in 2017 will be handed more than just the country’s nuclear codes. The next high-stakes raid may not involve an elite team of Navy Seals, but rather hinge on vulnerabilities in an enemy’s computer code—so presidential hopefuls had better start wrapping their head around the “inconceivable power of cyber.”

Ein News: http://bit.ly/1S4QdmZ

« UK Investigatory Powers Bill Will Cost £1bn To Implement
Were Brussels Terrorists Trying To Build 'dirty bomb' »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

GrammaTech

GrammaTech

GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions.

DataVisor

DataVisor

DataVisor is a big data fraud detection and anti-money laundering solution.

ClickDatos

ClickDatos

ClickDatos specializes in consulting, auditing, data protection training, accredited by ISO/IEC 27001 certification.

RazorSecure

RazorSecure

RazorSecure offers products and services to enhance railway cyber security, by protecting and monitoring networks and key systems.

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC) was founded to develop and implement information security practices in Dubai.

Anect

Anect

Anect is a leading provider of ICT security and services for hybrid and cloud solutions.

Hack The Box

Hack The Box

Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field.

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling and Data Destruction protect the environment and your data with proven and trusted electronics recycling and data destruction services.

Asset Guardian Solutions (AGSL)

Asset Guardian Solutions (AGSL)

Asset Guardian are dedicated to protecting the integrity of process control systems software that is used to control operations and production processes.

Bitfury Group

Bitfury Group

Bitfury Group is the largest full-service blockchain technology company in the world.

689cloud

689cloud

689Cloud is a cloud content collaboration platform that allows users to protect, track, and control files AFTER they have been shared.

Stealth-ISS Group

Stealth-ISS Group

Stealth–ISS Group is your extended IT, cyber security, risk and compliance team, providing strategic guidance, engineering and audit services, along with technical remediation and security operations.

Arkphire

Arkphire

Arkphire provide solutions across every aspect of IT to help your business perform better.

Tenet3

Tenet3

Tenet3's vision is to make optimal cyber strategy development tractable, data driven, with concrete success metrics. The result is cost effective cyber resilience for our customers.

Leostream

Leostream

Leostream's Remote Desktop Access Platform enables seamless work-from-anywhere flexibility while maintaining security and constant visibility of users.

Superna

Superna

Superna is the global leader in data security and cyberstorage solutions for unstructured data, both on-prem and in the hybrid multi-cloud.

RightSec

RightSec

RightSec is an emerging market leader and solution provider for cybersecurity and digital resiliency. We provide end to end solutions to suit your specific business lifecycle.