Trump must make cybersecurity a priority to keep America safe
As we march into inauguration season, all eyes are on Donald Trump for many reasons, including the impact his election will have on cybersecurity. This month, the FBI agreed with the CIA that Russia hacked into American servers and interfered with the election.
The findings should make all of us aware that the threat of data breaches poses a risk to everyone, from government to big business to individuals.
Yahoo, once the most popular website in the United States, suffered catastrophic damage when it recently disclosed that a massive security compromise resulted in the release of more than 1 billion user accounts. The acquisition of Yahoo by Verizon, planned for early 2017, is now in a precarious position.
The Yahoo breach has even greater implications for individuals. The data was said to contain recovery and personal details. Once those are exposed, they can’t be corrected as easily as resetting a password. This may seem innocuous to most users who rarely access Yahoo email or haven’t accessed these accounts in years, but that is dangerous thinking. If you’ve ever had a Yahoo account, or any Yahoo-associated account, such as Flickr and Tumblr, you should change your password on those sites.
Yahoo wasn’t the only 2016 hack that affected high-profile companies and individuals.
The hacked emails of Hillary Clinton campaign chairman John Podesta originated from an email account that was compromised through Gmail, which is integrated with Google’s cloud storage. It doesn’t take a foreign government to mastermind such an attack. In fact, Google has been compromised many times.
{mosads}Just last month, more than 1 million Google Android devices were infected with Gooligan, malware that roots a phone and allows the third party to copy the Google secret keys, or tokens, which authenticate users into all of Google’s cloud services, such as Gmail and Drive.
Once these are compromised, the user can be spoofed by the hackers. Unfortunately, it appears Google has already been through a similar attack and failed to stop it before it evolved into the current version, as the Gooligan hack is a spinoff of Ghost Push, which was released as early as September 2015.
Of course, that is just one among many examples that affects the common user. But our government officials are at risk, too. The national intelligence director’s email account was compromised, as well as that of the CIA director. These breaches ultimately have the potential to put our national security at risk.
There’s no question that citizens, businesses and government agencies are seeing and experiencing hacks at an increasingly alarming rate. We need to accept that the landscape where hacks and cybersecurity breaches exist is our reality now. The question remains how we will deal with the challenges this new normal presents.
The outgoing administration has shown an appreciation of the gravity of the cybersecurity threat. Earlier this month, President Obama called it “one of the greatest challenges we face as a nation.” Moreover, the proposed 2017 budget includes an increase of more than 35 percent in cybersecurity resources.
This is the kind of messaging and action that shows we’re serious about making strides toward safer data, both inside and outside of government.
Based on what I know about the threat of cybersecurity breaches on most of us in this country, or at least those of us who use any technology, we must expect the Trump administration to make cybersecurity a top priority by ensuring further investment in research and development initiatives to enhance cybersecurity policies.
Trump’s administration must also take part in public-private partnerships, in which government agencies such as the Commission on Enhancing National Cybersecurity and large cloud-based providers such as Google or Amazon work closely together to protect data and ensure the general public has the latest and best information on cybersecurity practices.
Trump must also press for information sharing between intelligence communities, including outside the United States, to quickly identify and destroy hacker cells that target from afar.
Ultimately, technology, not policy, will be a large part of the solution. The transition of storing and sharing information via these large clouds into local home-based servers, or “clouds in your attic,” give users the same capabilities, only without the dangerous vulnerabilities that these large companies continue to struggle with time and time again.
The hope is that the recognition of our cybersecurity threat—and robust proposals to combat it—will continue as the next administration moves in. Meanwhile, it becomes clearer that private citizens need to, and will, make their own security-minded changes.
Will Donaldson is chief executive officer of Nomx, a technology that allows clients to host their own secure email servers on their own networks, ensuring communication privacy. He served as a United States Marine Corps webmaster at the Pentagon.
The views of Contributors are their own and are not the views of The Hill.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. Regular the hill posts