Donald Trump Has A Plan for CyberWar

Uploaded on 2016-04-15 in NEWS-Cybersecurity News, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

In a meandering, 100-minute-long telephone interview with The New York Times last week, Donald Trump elaborated on some of the bold and belligerent foreign-policy prescriptions he’s hinted at in the past.

He touched on nuclear weapons, spying and the fight against ISIS, bringing his tried-and-true “we’re losing” doom and gloom to each topic. His proclamations of decline seem to be designed to support what he said outright on Twitter last week, after a bombing in Pakistan killed dozens and injured hundreds: “I alone can solve.”

When confronted with a question about cyberwarfare, Trump leaned on the same tactics, while displaying a profound unfamiliarity with the issue.
David Sanger, one of the two Times journalists interviewing Trump, asked the candidate if the US should use cyberweapons as an alternative to conventional weapons or nukes, and if so, how often.

Trump said he didn’t think cyberweapons are an alternative to nuclear weapons “in terms of ultimate power.” He tacked back to discussing nukes—“I will tell you, I would very much not want to be the first one to use them, that I can say”—until Sanger asked him again how he would use the US cyber-arsenal as president.

And that’s when the Trump kicked into full woe-is-us mode. Here’s his answer, in full:

First off, we’re so obsolete in cyber. We’re the ones that sort of were very much involved with the creation, but we’re so obsolete, we just seem to be toyed with by so many different countries, already. And we don’t know who’s doing what. We don’t know who’s got the power, who’s got that capability, some people say it’s China, some people say it’s Russia. But certainly cyber has to be a, you know, certainly cyber has to be in our thought process, very strongly in our thought process. Inconceivable that, inconceivable the power of cyber. But as you say, you can take out, you can take out, you can make countries nonfunctioning with a strong use of cyber. I don’t think we’re there. I don’t think we’re as advanced as other countries are, and I think you probably would agree with that. I don’t think we’re advanced, I think we’re going backwards in so many different ways. I think we’re going backwards with our military. I certainly don’t think we are, we move forward with cyber, but other countries are moving forward at a much more rapid pace. We are frankly not being led very well in terms of the protection of this country.

Trump appears to be making three points here: first, that the US is “obsolete in cyber”; second, that the US can’t even tell where attacks are coming from; and third, that “the power of cyber” is “inconceivable” and should figure “very strongly in our thought process.”

That latter point is hard to argue with. Cyberweapons are indeed mind-bending: Look no further than Stuxnet, a US and Israeli cyberattack that caused Iranian nuclear centrifuges to spin out of control and destroy themselves. It was a landmark moment for state-on-state cyberattacks.

But his first two points are, as far as conventional wisdom goes, far wide of the mark. The US is in fact believed to have the most powerful arsenal of cyberweapons of any country. Its specific capabilities are a closely guarded secret, but the government is likely hoarding knowledge of vulnerabilities and security flaws that it could use to inflict damage on other countries’ computer systems—sort of like a reserve of warheads ready to be deployed.

And while attributing cyberattacks to a country or an individual is indeed one of the more difficult aspects of cyberwarfare—far trickier than figuring out where a missile was fired from, for example—the US has gotten pretty good at it. Soon after Sony Pictures Entertainment became the victim of a massive hack in 2014, for example, US officials pointed fingers at North Korea. The government was able to come to that conclusion because it had been spying on North Korean networks since 2010, The New York Times reported.

More recently, the Justice Department has embarked on a name-and-shame campaign, bringing public charges against foreign state-sponsored hackers who attack US government and private sector computers. It began in 2014, when the department placed five members of China’s People’s Liberation Army on a list of most-wanted cybercriminals for stealing trade secrets. In the past two weeks, two Syrians and seven Iranians have been charged and added to the list.

When Trump bemoans an “outdated” the US cyber-arsenal, he might be thinking instead of the sorry state of America’s cyber-defenses. Its shortcomings were made incredibly clear by the Chinese attack on Office of Personnel Management servers in 2015, when hackers gained access to the private information of 22 million people. Numerous other attacks on government systems and email servers have proved the government’s difficulty keeping digital information safe.

Trump certainly isn’t the only presidential candidate without a meaningful cybersecurity and cyberwar platform. A Wired summary of the contenders’ positions showed that all of them have painted their positions in very broad strokes, if they’ve even taken one.

But whoever takes over the Oval Office in 2017 will be handed more than just the country’s nuclear codes. The next high-stakes raid may not involve an elite team of Navy Seals, but rather hinge on vulnerabilities in an enemy’s computer code—so presidential hopefuls had better start wrapping their head around the “inconceivable power of cyber.”

Ein News: http://bit.ly/1S4QdmZ

« UK Investigatory Powers Bill Will Cost £1bn To Implement
Were Brussels Terrorists Trying To Build 'dirty bomb' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Zentek Digital Investigations

Zentek Digital Investigations

Zentek has been providing digital forensics services to the public and private sector for computers and mobile devices since 2004.

Techmeme

Techmeme

Techmeme is an online news curation service focused on leading edge technology, including cyber security.

Alliance for Cyber Security (ACS)

Alliance for Cyber Security (ACS)

An alliance of all major players in the field of cyber security in Germany with a mission to strengthen Germany’s resistance to cyber-attacks.

Greenbone Networks

Greenbone Networks

Greenbone Networks delivers a vulnerability analysis solution for enterprise IT which includes reporting and security change management.

Navarino

Navarino

Navarino is the maritime industry’s most advanced communications and connectivity company. We develop advanced technologies and innovative IT solutions including cyber security.

Zerodium

Zerodium

Zerodium is the leading exploit acquisition platform for premium zero-days and advanced cybersecurity research.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

SafeTech Informatics & Consulting

SafeTech Informatics & Consulting

Safetech's OTShield detects, prevents and analyses cyber-attacks in SCADA and Industrial IoT systems by utilising state of the art deception techniques.

M2MD Technologies

M2MD Technologies

M2MD Technologies offers solutions optimized for cellular IoT that provide stronger security, reduced costs, enhanced user experience, and ultimately generates higher returns for stakeholders.

Fifosys

Fifosys

Fifosys is a professional technology infrastructure specialist, delivering a broad portfolio of high quality technical and strategic managed services.

nsKnox

nsKnox

nsKnox is a fintech-security company, enabling corporations and banks to prevent fraud and ensure compliance in B2B Payments.

Nasuni

Nasuni

The Nasuni File Data Platform offers the protection, detection, and recovery of file shares from ransomware attacks or random disasters within minutes.

Quarkslab

Quarkslab

Quarkslab is a dedicated team of cyber-security engineers and developers. We aim at forcing the attackers, not the defender, to adapt constantly.

Diversified Search Group - Alta Associates

Diversified Search Group - Alta Associates

Diversified Search Group is an industry leader in recruiting diverse, inclusive and transformational leadership for clients.

Sonar

Sonar

AI generated or written by humans, Sonar’s Clean Code Solutions cover your code quality needs, improving code reliability, maintainability, and security.

Blue Goat Cyber

Blue Goat Cyber

Blue Goat stands at the forefront of cybersecurity, particularly in medical device security and penetration testing.