Technologists and security experts have been warning recently about the potential danger’s of President-Elect Donald Trump’s plans for cybersecurity. A recent survey by the Christian Science Monitor of “160 current and former government and intelligence officials, and leaders from the private sector and advocacy community” showed that 75% said “they do not believe cybersecurity will improve with the Republican in the Oval Office.”
Several prominent experts and former officials among the respondents expressed doubt in Trump’s understanding of the issues and his ability to surround himself successfully with qualified experts who do. Former director of CIA and NSA, Gen. Michael Hayden (ret), said, â€œI voted no simply because the president elect himself has shown no interest in understanding the issue.”
Similarly, Peter Singer of the Brookings Institution and author of Cybersecurity and Cyberwar: What Everyone Needs to Know, said, â€œIt is hard enough for government to recruit and retain talent, especially in a field like cybersecurity. It just got bigly harder.â€
In a recent piece for Forbes, David Cowan, who co-founded VeriSign, strikes a more ominous tone. Based on Trump’s statements so far, Cowan warns, “The impact on national security will be dire.” He believes that for Trump “the nationâ€™s true [cyber] enemies lurk within the American homeland,” not Russia or China. A Trump cybersecurity policy will likely amount to what Cowan calls “stop-and-frisk in cyberspace.” He expects that we will see “federal agencies redirect their formidable arsenals away from foreign and toward domestic surveillance.” A GOP-controlled Congress and judges appointed by Trump, he argues, will do little to stop such a scenario.
Finally, though I am not usually a fan of such hyperbolic cyber-doom rhetoric, I can only laugh with pleasure when I hear Cowan describe how Trump’s cybersecurity policies might be the thing that finally brings about a “cyber 9/11.”
President Trumpâ€™s deregulatory policies will jeopardize not only privacy, but also national security. Our homelandâ€™s greatest vulnerability may well be the cyber threat to our critical infrastructure, potentially disrupting life-support services like power and water. Furthermore, a single breach of a water treatment facility, dam, or nuclear reactor can directly kill millions of people â€“ a cyber 9-11. And yet today most of the nationâ€™s utilities run un-patched software on industrial control systems that remain defenseless, awaiting NERC cyber regulations to kick in next year. A four-year reprieve from these rules by Trumpâ€™s administration will expose the U.S. to a massive terrorist attack, and open the door for Russia or other nations to embed cyber bombs in our machinery for future activation. Even if the Defense Department can accurately attribute such attacks, they can only retaliateâ€”they cannot prevent them.
To be fair, a few respondents to the CSM Passcode survey were optimistic that things would get better under a President Trump. But they all commented on condition of anonymity. I was more persuaded by the “optimism” expressed by Princeton’s Elana Zeide, however.
And some privacy advocates said they thought Trump himself could be the reason people fortify their digital defenses â€“ in opposition to his embrace of surveillance and government access to encrypted communications. â€œTrumpâ€™s pro-surveillance campaign statements,â€ says Elana Zeide, a privacy expert at Princeton Universityâ€™s Center for Information Technology Policy, â€œgive everyone more incentive to secure their communications.â€
Indeed, I have seen this with my own students here at the University of Utah where I am teaching a course this semester on “Information Technology and Global Conflict.”We just finished a series of lectures–at student request–offering a primer on personal digital privacy and security. They had not been on the original schedule. It’s not just my students either. We see evidence nationwide of people taking action to secure their communications, such as an increase in installations of encrypted communications apps.