Trump to Face Major Cyber Security Challenges
Former Director of National Intelligence James Clapper
Photo: Defense Dept.As top U.S. intelligence officers state that Russia engaged in a major cyber campaign to influence the 2016 election, experts are mulling over how President Donald Trump will tackle cybersecurity issues during his administration.
During his campaign, Trump said cyber matters would be an immediate and top priority for his administration.
Trump plans to order an assessment of all U.S. cyber defenses and vulnerabilities by a review team made up of individuals from the military, law enforcement and private sector, he said on his campaign website.
“The cyber review team will provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats,” he said.
Trump also plans to beef up the nation’s offensive cyber capabilities to mitigate attacks from state and non-state actors and wants to “enhance” U.S. Cyber Command.
In December, Trump appointed Thomas Bossert as his administration’s assistant to the president for homeland security and counterterrorism, which will have a heavy focus on cybersecurity.
In a statement, Bossert said the administration must focus on drafting a cyber doctrine that “reflects the wisdom of free markets, private competition and the important but limited role of government in establishing and enforcing the rule of law, honoring the rights of personal property, the benefits of free and fair trade, and the fundamental principles of liberty.”
This attention on cybersecurity comes at a time of unprecedented growth in network intrusions and espionage.
During a hearing of the Senate Armed Services Committee in January, Adm. Michael Rogers, commander of Cybercom and director of the National Security Agency, said the capabilities of many major nation-states are growing.
“I can’t think of a single significant actor out there who is either decreasing their level of investment, getting worse in their trade craft or capability, or in any way backing away from significant investments in cyber,” he added.
More than 30 countries are developing offensive cyber attack capabilities, according to a joint statement from Rogers, then-Director of the Office of National Intelligence James Clapper and Marcel Lettre II, the under secretary of defense for intelligence.
“Iran and North Korea continue to improve their capabilities to launch disruptive or destructive cyber attacks to support their political objectives,” Clapper said.
Russia is now a near-peer competitor, Rogers added.
The United States will need to increase its investment in information warfare as it faces cyber attacks from Moscow, Clapper said.
The Kremlin was behind a series of cyber attacks that sought to influence the 2016 presidential election, he said. It also orchestrated a wave of “fake news” to attempt to sway voters.
“This was a multifaceted campaign,” he said. “The hacking was only one part of it and it also entailed classic propaganda, disinformation, fake news.”
The United States must counter such actions by revamping its own infowar machine and potentially reopening the United States Information Agency, he said. The USIA — which existed from 1953 until 1999 — was a foreign affairs agency that focused on public diplomacy.
“I do think that we could do with having a USIA on steroids,” Clapper said. “[We could use] the United States Information Agency to fight this information war a lot more aggressively than I think we’re doing right now.”
SASC Chairman Sen. John McCain, R-Ariz., agreed with Clapper. “One of the areas where we’re lagging and lagging more than any other areas is social media,” he said. “We know these young people in the Baltics are the same as young people here. They get their information off the internet and we have really lagged behind there.”
In an unclassified report released by Clapper’s office in January, the Office of National Intelligence said that Russia hired internet “trolls” to work on its behalf.
“Russia’s state-run propaganda machine — comprised of its domestic media apparatus, outlets targeting global audiences such as RT and Sputnik, and a network of quasi-government trolls — contributed to the influence campaign by serving as a platform for Kremlin messaging to Russian and international audiences,” the report said.
There is widespread agreement in the intelligence community that Russia was behind this past summer’s Democratic National Committee hack that exposed private emails, Clapper said. He noted that Russia continues to attempt to infiltrate U.S. networks.
A December paper titled, “Report on Securing and Growing the Digital Economy,” by the Commission on Enhancing National Cybersecurity — which was established by former President Barack Obama — said Trump and Congress should work together to expedite the development of new cyber technology for the federal sector.
Ted Johnson, a fellow at New America, a Washington, D.C.-based think tank, and the defense and national security research manager at the Deloitte Center for Government Insights, agreed that new technology would be important for the Trump administration.
“His priority when it comes to cyber and the … private sector will be to acquire new technologies and innovation from the private sector for use in the public sector at a very rapid pace,” he said.
If the Defense Department wants to purchase a new product from a company, it often faces a long, red tape-filled road before it can acquire it, Johnson said.
“I think he will do everything in his power, and I think he will have a willing partner with Sen. McCain, and Sen. Jack Reed, [D-R.I.], on the SASC, to really expedite the acquisition of new technologies particularly for cybersecurity that the federal government can put to use to secure the nation.”
Mark Testoni, president and CEO of SAP National Security Services, a company that provides software, services and support to U.S. national security and critical infrastructure companies, said reaching out to the private sector will be important for Trump.
He noted that the then president-elect met in December with leaders of Silicon Valley companies such as Jeff Bezos of Amazon, Tim Cook of Apple and Sheryl Sandberg of Facebook.
“Commercial capabilities in our estimation are going to be really important” to cybersecurity issues, Testoni said. “There are solutions that are being developed in places like Silicon Valley and Austin, Texas and Boston, Massachusetts and a few others that are trying to get at some of these problems and how do we more readily adapt them inside government.”
“Bringing the great minds of this country together around this problem is going to be the solution,” he said.
The Commission on Enhancing National Cybersecurity said establishing partnerships would be key. “Joint collaboration between the public and private sectors before, during and after a cyber event must be strengthened. When it comes to cybersecurity, organizations cannot operate in isolation.”
On the policy front, Trump must be careful to avoid outdated ideas, said a report by the Center for Strategic and International Studies’ Cyber Policy Task Force titled, “From Awareness to Action: A Cybersecurity Agenda for the 45th President.”
“Statements about strengthening public-private partnerships, information sharing or innovation leads to policy dead ends. Many date back to the 1990s. Once-powerful ideas have been transformed into clichés. Others have become excuses for inaction,” the report said.
Rather, the next administration must draft and implement policies that fit within the current environment. It needs to produce “measurable improvements in the performance of companies and government agencies,” it said.
The cyber environment has changed substantially since 2009, the report said. During that time, “there has been an erosion of American influence” in the domain, it said. Russia has become a significant threat, and hacks from Iran, North Korea and China “reflect a growing willingness to use cyber tools against us.”
“A deteriorating situation for international security means that the next administration will face continued losses from cyber crime and espionage, threats to personal information and company data, the possibility of politically coercive cyber acts and the risk of disruption or attack on critical infrastructure,” the report noted.
It recommended that the Trump administration take a new approach to international relations. It must establish an updated strategy for coordinating with likeminded nations and “swing states” such as Brazil and India on cybersecurity issues.
Trump “will need to decide when it is worth pursuing agreements that require global support and those where agreement is only possible among like-minded nations,” the report said.
“Measures focused on reducing the risk of escalation or misunderstandings will appeal to Russia and China, who fear American power in cyberspace and the domestic political threat the internet creates for them. Measures that define responsible behavior to include support for human rights and constraints on cyber crime will not appeal to them,” the report said.
The administration will also need to find new ways to deter attacks, and it cannot solely rely on the threat of military force, the report said. Sanctions and indictments can be powerful deterrents, it added.
“The combination of indictments and the threat of sanctions led China to agree to end commercial espionage,” the report said.
Clapper agreed that such attacks have dropped: “The intelligence community and security experts … have observed some reduction in cyber activity from China against U.S. companies since the bilateral September 2015 commitment to refrain from espionage for commercial gain.”
Riley Walters, a research associate at the Douglas and Sarah Allison Center for Foreign and National Security Policy at the Heritage Foundation, a Washington, D.C.-based think tank, said it would be important for Trump to have a measured response to potential cyber attacks.
“I would hope that his response is proportional and mediated,” he said. “It’s not just a ‘he hit me, so I need to hit him harder.’ … Hitting cyber with cyber, you get into this tit-for-tat mentality.”
However, Trump has advisors around him that would likely temper his response, Walters noted.
Topics: Cyber, Defense Department, DOD Leadership, DOD Policy