U.S. needs leadership on cybersecurity
In a presidential campaign where each turn seems to bring some twist that’s never been seen before, the biggest unprecedented development is also probably the worst.
And that is America’s repeated harm and humiliation at the hands of hackers — sponsored or controlled by our biggest geopolitical adversaries.
Americans need leadership and guidance on this decisive issue, and they aren’t getting it.
The latest example? The cybersecurity of the National Security Agency was breached, some of its own powerful hacking tools posted on the internet. No ragtag band of basement bad guys could have pulled off such a feat. Edward Snowden joined other cyber experts in pointing the finger at Russian operatives. Although Snowden’s reliability as an analyst has been called into deep question by the intimacy and secrecy of his relationship with Moscow, the NSA hack is just one of a string of extraordinarily and increasingly brazen attacks, many of which bear the mark of Russian responsibility.
But America’s two party leaders, Donald Trump and Hillary Clinton, suffer from a pronounced lack of credibility on cybersecurity, and they have shown no indication that they can lead on it. It wasn’t until Friday that Trump freed himself of campaign manager Paul Manafort, whose shady Ukrainian dealings fueled nagging allegations about Trump’s own relationship with Russian interests. And Clinton has struggled to project confidence and competence in the wake of Russia’s other recent cyber-coup — a string of systemic hacks targeting the Democratic Party.
For the Clinton campaign, bedeviled by the personal scandals around her unsecure private server and her involvement in pay-to-play schemes funding her family foundation, this failure is particularly galling. In a stark sign of how flat-footed Democrats have become under her leadership, Clinton ally and interim DNC chair Donna Brazile responded to the party hacks by swiftly assembling a cybersecurity advisory board lacking in members with significant practical cybersecurity experience.
These political performances, part tragedy and part farce, are playing out against a backdrop of even more massive breaches over the past few years. Many have adopted an air of resignation over last year’s pilfering by China of Office of Personnel Management records, placing at risk the personal data of millions of Americans in and out of government — data that must now be assumed to be shared at Beijing’s pleasure. And the persistence of Wikileaks, a group now widely agreed to be at least collaborative with Russian intelligence, poses an ongoing threat to the privacy and security of American and allied officeholders, policymakers and military officials at the very highest levels of government.
It is painfully evident that U.S. cybersecurity is a work in progress. The task is complicated, in a way Russia’s or China’s is not, by Americans’ insistence (so far) on robust civil liberties protections. But the situation cries out for a single executive to take ownership of the challenge and communicate a clear, compelling approach to the public and private sector. It’s just not good enough to make do with the sprawling, disorderly, and not always up-to-date regimes providing patchwork coverage for America’s most sensitive information. But this election season, none of today’s presidential candidates have earned the public trust on cybersecurity, and come November, one of them is going to win.