Russian Distraction Obfuscates U.S. Cyber Failures
Preparedness for hack attacks remains woefully inadequate as leaders beat chests at Moscow
It’s hard to figure out who has the most chutzpah — Sen. Lindsey Graham, Sen. John McCain, or Director of National Intelligence James Clapper.
In a weirdly arranged Senate Armed Services Committee meeting last Thursday, Clapper managed to dodge any responsibility for the state of our national cybersecurity preparedness, while at the same time critiquing incoming President-Elect Trump for disparaging the credibility of the U.S. intelligence community.
Not only has Trump not been undermining anyone, he has been the only political candidate during the past twelve months who has raised the criticality of the cybersecurity issue.
This meeting to allegedly discuss global cyberthreats focused almost entirely on the now-tired story of the alleged Russian hacking during the presidential elections. If you have been following all of this nonsense, you will not be surprised to learn that both McCain and Graham used the venue to “warn” incoming President Trump not to “undermine those who are serving our nation in this arena” and instead to find ways to uplift them.
These are the same people whose oversight led to the disastrous cyberattack on the Office of Personnel Management attributed to the Chinese two years ago where 21.5 million personnel records, including fingerprints of all secret agents operating in global espionage roles on behalf of the US government, were exposed. I can see why they might need some uplifting.
Not only has Trump not been undermining anyone, he has been the only political candidate during the past twelve months who has raised the criticality of the cybersecurity issue and our need to address it urgently. In fact, our current president seems to have only just now realized that we might have a problem here, and of course has used it for his political purposes in a pathetic display of his wilting authority by bouncing a bunch of Russian diplomats back to the homeland for the holidays — or at least until Trump takes office.
I'm not a Putin lover, but it's hard not to admire his jujitsu move in ignoring the president's knee-jerk tantrum and flicking the metaphoric fly away from his lapel.
McCain managed to come alive long enough to lurch in with some phony outrage, declaring that "every American should be alarmed by Russia's attacks on our nation and that this committee is meeting in the aftermath of an unprecedented attack on our democracy."
Ignoring the now-overwhelming lack of evidence that the hack was originated by the Russians, it was surely not unprecedented nor was it an attack on anyone's democracy. But McCain seems to have been largely asleep for the past few years and has obviously not noticed that this hack was one in a series of countless attacks on our businesses and government agencies — attacks that are part of a growing trend of cyberthreat that neither sector has been willing to acknowledge or deal with directly.
As you might recall, China, Iran, North Korea, and many others have all hacked U.S. government agencies, businesses, and citizens over the last few years while Obama, McCain, Graham, and Clapper stood by and did nothing.
Apart from simply creating another junk heap that the incoming Trump administration will need to clean up when it sets up camp, the Obama petulance and this farcical committee hearing did nothing to address the true cybersecurity problem, which is a complete failure on the part of the current administration to address our looming cybersecurity crisis for the past eight years.
It is indeed a crisis and just as we failed to pay any attention to multiple advanced warnings of terrorist attacks on the U.S. before 9/11 or the emerging development of ISIS since 2012, we have also failed to adequately protect our digital assets and, perhaps more importantly, the physical infrastructure upon which the entire country depends.
No one in charge has done anything to protect or defend the sixteen critical infrastructure sectors in the U.S. These include all of our chemical, communications, electrical, defense, energy, nuclear, food, financial, agricultural, transportation, and water systems.
Iran has disabled our online banking system over the last two years with denial-of-service attacks repeatedly affecting institutions and businesses including the Bank of America, the Nasdaq composite index, the New York Stock Exchange, Capital One, AT&T, and PNC Bank, causing tens of millions of dollars in losses. They crashed the commercial sites of 46 U.S. financial institutions on a near-weekly basis, leaving hundreds of thousands of customers unable to access their bank accounts online — yet we heard nothing from any of these career politicians, nor did we send any Iranian diplomats packing.
The alleged Russian hacking of the Democratic National Committee is not cyberwarfare nor should it be the focus of our attention. What we should be doing instead is recognizing that all of our core systems are critically vulnerable and we should be forming a Manhattan Project to rapidly correct not just the specific vulnerabilities in our infrastructure but to identify and put in place the technologies necessary for defense and the policies that we will rely on to guide our responses to real cyberattacks in the future.
Donald Trump is the only guy in the conversation who has consistently decried the allegations that it was Russia who did this most recent hacking, while calling for practical and measured cybersecurity responses and recommending that the national cybersecurity mission be moved to the Department of Defense, where it surely belongs.
Calling for an end to the politics surrounding the Democrats' emails, Trump has urged his incoming team to immediately begin working on what he correctly characterizes as a deadly serious threat to our national security. Like him or not, it is good to have a grown-up in the room for a change.
Steve King is the COO and CTO of Netswitch Technology Management.