The national security nightmare the candidates aren’t talking about
Presidential hopefuls remain mum about keeping America safe from hackers
By Adam Levin, Special to ThirdCertainty
Whether you love it or it makes you want to move south of the border, Donald Trump’s Great Wall of Mexico is an idea whose time has come.
That said, the Republican presidential candidate has a few things wrong.
First, The Donald’s wall is misnamed. It should be called the Great Cyber Wall of America or the American Cyberdome or, at any rate, something denoting a digital information and communication protection system.
The second thing Trump has wrong is functionality. The wall America needs should not be effective at keeping immigrants from entering our great nation. It needs to protect us from the vast array of hostile hackers who wish to do us harm from both within and beyond our sovereign borders—be they state-sponsored, terrorist, in pursuit of some cause, or simply precocious teenagers. It needs to protect every inch of coastline and border we have in three dimensions. And it needs to do this reliably.
Why a cyber wall matters
In 2007, Estonia, the “most wired nation in Europe” experienced something unprecedented: denial-of-service attacks that crippled the country. Wave after wave of attacks targeted government websites, Estonian newspapers, universities and banks. It wreaked havoc. The government took the extraordinary action of blocking international Web traffic—effectively isolating Estonia from the rest of the world during a portion of the attacks. Suddenly, the assault stopped as quickly as it started, but while it lasted, there were riots in the streets.
Those denial-of-service attacks were in retaliation for the Estonian government’s decision to remove a Soviet-era war monument. Increasingly, ideology is driving more fervent fights and drastic measures in the world.
Around Christmas in 2015, parts of the Ukraine started experiencing blackouts. Large swaths of the population lost electric power, all of them in areas associated with the opposition to the Russian annexation of the Crimea and pro-Russia separatists. The blackouts were caused by hackers. To date, nothing has been proven about who was sponsoring them. The only fact in evidence is that a Trojan called BlackEnergy was used, and the initial penetration into the power companies was achieved through social engineering (also known as trickery and/or deceit in combination with all-too-fallible humanity). In this case, the social engineering took the form of spear phishing—an employee was sent an email that appeared legitimate, they clicked an attachment, and, quite literally, all hell broke loose.
Because many cyber attacks have a social engineering aspect, there is a tendency in the data security community to assume that there is no cure-all for the cyber insecurity that ails us worldwide. But, regardless, it is a problem in dire search of a solution.
Just last week, National Security Administration Director Michael Rogers stated our need for better protections when he said it was a question of “when, not if” state-sponsored hackers decide to take out parts or the entirety of our power grid, our communications and our emergency response systems. Doubtless, banks and other financial organizations are tasty targets as well.
Meanwhile on the campaign trail
This election season we haven’t heard a whole lot about cybersecurity (or the lack thereof), which boggles the mind. After all, the barbarians are no longer knocking at the gate. They are crawling through millions of investigative reports at the Office of Personnel Management, harvesting tens of millions of Social Security numbers in the breached files of our health insurers, burrowing into countless bank accounts and medical files, rifling through our travel plans, diverting billions of tax refund dollars from the IRS and (doubtless) exploring various avenues into our power grid.
Yet there has been barely a peep on the campaign trail, save former Sen. Jim Webb—who, as you will no doubt remember, was quickly dispatched to the scrap heap of presidential election history.
Instead, we are witness to a heated debate about the size of a candidate’s hands, and get “Big Donnie” and “Little Marco” sniping at each other like eighth-graders who have a crush on the same person while Hillary Clinton tries to sound more like Bernie Sanders without alienating Wall Street. Meanwhile, Bernie keeps delivering the same stump speech despite a horde of super delegates who plan to make Hillary the Democratic nominee regardless of his performance in the primaries.
I don’t just blame the candidates. The media has had a hand in this. Les Moonves summed up part of the problem recently when he said that this crazy election “may not be good for America, but it’s good for CBS.”
In an era of reality-show politics, why would anyone with any skin in the game want to risk losing the eyes and ears of Americans because they talk about something substantive like cybersecurity? Unfortunately, just as convenience often trumps security in this day and age, the failure to intelligently discuss and debate various approaches to keeping our nation cyber safe is a major opportunity loss for the U.S.
Adam Levin is chairman and co-founder of Credit.com and IDT911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.
Full disclosure: IDT911 sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.
More on data security and identity theft:
Identity Theft: What You Need to Know
3 Dumb Things You Can Do With Email
How Can You Tell If Your Identity Has Been Stolen?