Neither Donald Trump nor Joe Biden would be a cybersecurity nightmare. It is one of those areas that are likely to have strong support on both sides of the political aisle, cybersecurity expert Alan Brill told CyberNews.
Brill reckons that, regardless of the outcome of the elections, cybersecurity and its importance to our way of life will be recognized across the political spectrum and will receive support.
“I think that, regardless of what we hear, there is recognition on both sides of the aisle that there is no such thing as 100% cybersecurity, and that the adversaries of our country have recognized that cyber is a very valid and effective form of warfare,” Alan Brill, Senior Managing Director at Kroll, a Division of Duff & Phelps, told CyberNews.
Have you noticed any abnormalities from your point of view, from the cybersecurity point of view?
The thing that we’ve seen in the run-up to the election was that while there was apparently some minor targeting election systems, which resulted in a reaction from US Cyber Command. When we saw election systems affected, it appeared that municipal government systems were being attacked by ransomware. What we are looking at now, in the post balloting timeframe, is the use of social media by foreign governments to put out disinformation to cast doubt on the electoral process, and in doing so to damage democracy.
Do you notice any similarities with the election of 2016?
If we use 2016 as kind of a baseline, it’s pretty evident that adversaries have become much more sophisticated in the use of social media to support their disinformation campaign. They’ve become very good at establishing fake identities faster than they can be taken down by the vendors. It’s a combination of stories that they create and then put out on social media platforms and broadcasting false claims made by candidates which they can amplify and which they can use as the basis for further disinformation. It’s clear to me, at least, that over the past four years, that social media has become more central to the way that people ingest news, that adversaries have understood that.
I think that, regardless of what we hear, there is recognition on both sides of the aisle that there is no such thing as 100% cybersecurity, and that the adversaries of our country have recognized that cyber is a very valid and effective form of warfare,said Alan Brill.
We saw some fake media accounts that were taken down by Twitter and Facebook. Do you consider this misinformation campaign of significant scale?
It is extraordinarily easy to establish accounts, to establish a web presence. Some of the controls that we have had traditionally since the beginning of the internet, for example, there’s internet service WHOIS, which enabled you to put in a URL and find out who registered it.
It was very important in investigating truth vs. fiction, reality vs. artificial accounts, and because of the interpretation of the European Union’s General Data Protection Regulation (GDPR), that has basically gone away. It has become harder for both individuals trying to find out who is spreading the story and the social media organizations trying to trace who is doing things, and that’s slowed down the process by which you can close down accounts, take over accounts, and police cyberspace.
Who – Biden or Trump – would be a better president for developing the cybersecurity industry? We just saw Trump saying how nobody gets hacked, and getting hacked twice in one week.
Regardless of what we hear, there is recognition on both sides of the aisle that there is no such thing as 100% cybersecurity. The adversaries of our country have recognized that cyber is a very valid and effective form of warfare.
So I think what you saw in the past few days of action taken by the US Cyber Command, the work that has been done over the past four years by the Homeland Security department, they stood up the CISA organization (The Cybersecurity and Infrastructure Security Agency was established on November 16, 2018) to work on cybersecurity, and the federal government has worked with state and local governments to strengthen the cybersecurity infrastructure, particularly of election systems and critical infrastructure.
Frankly, I think that cybersecurity is one of those areas that are likely to have strong support on both sides of the aisle. Today’s target may not be the same as tomorrow’s target. But the one certain thing is that cyber has become a very active domain for political action warfare, and warfare is not going to stop.
Have you heard of or seen actual statements about the cybersecurity domain in the presidential campaigns?
When you look at the recent hearings on disinformation in social media, both sides were very upset by what’s been going. That really leaves me to think that there is an understanding that this is something that is going to probably get bipartisan support for programs to strengthen our systems.
In the federal government, there’s been a program ongoing for years to strengthen the cybersecurity of federal systems.
It is now going to include a more effective scoring system to enable managers to see how they are doing and to see how vendors are doing when it comes to cybersecurity. The continued growth and support for the US Cyber Command, which works with Homeland Security and the Military, represent a very strong statement of support for cybersecurity. I think, regardless of the outcome of the elections, that trends of recognition of the real central importance of cybersecurity to our way of life is going to be seen by everyone across the political spectrum and will receive support.
What should be done with respect to voters’ privacy in the upcoming four years? We’ve recently seen huge databases of American voters on Russian hacker forums, and they contained sensitive information.
If you review the state-level election laws and the regulations that implement those laws, most people are surprised that voters’ data is either available free or can be purchased from governments. That data includes things like names, addresses, party affiliations, voting history – not who you voted for but that you voted in the primaries and, in some cases, phone numbers and voter ID numbers. That’s commercially available, and you don’t have to hack that data – you can buy it.
While a limited number of election databases have been hacked, the reality is that a lot of that data is commercially available and is legally required to be commercially available under state election laws.
So it is not going to change easy, and any time soon?
There are reasons that data has to be non-private. For example, during the campaign, those people receive advertisements in the mail from different candidates and different political organizations. Each of those items is addressed to you. It has your name, your address, and that data has to come from somewhere.
The accurate data about registered voters are in the hands of government election authorities, and historically that information has been considered to be something that has to be made available either for free or on a prepaid basis. That has been the rule for many decades, and you have to look at a desire for privacy with regard to these laws and end up deciding as to whether in a given state there are enough controls over how data is distributed and exactly what elements of data are distributed.