Opinion: Trump has a point about 'the cyber'
In between news coverage of Hurricane Matthew and reactions to the , the聽Department of Homeland Security and the Office of the Director of National Intelligence released 聽last week accusing Russia of orchestrating cyberattacks to interfere with US elections.
This marks only the fourth time that the US has formally accused a nation of聽digital breaches. The first was in December 2014 when of orchestrating the devastating Sony Pictures attack. In May of that year, the Justice Department five Chinese military officers for several cyberincidents at US nuclear power, metals, and solar products companies.
Earlier this year, the Justice Department聽聽against seven Iranians who supposedly carried out distributed denial of service, or DDoS, attacks against US banks and apparently illegally accessing control systems聽at a small dam in Rye, N.Y.听
In all four cases, the US government presented the accusations to the American public without聽supporting evidence. And, that's a problem. It's something that Mr. Trump has latched onto, casting doubts about Russia's involvement in recent attacks, and raising the level of skepticism whenever the US points the finger following cyberattacks.
"As far as the聽cyber,聽I agree to parts of what Secretary Clinton said. We should be better than anybody else, and perhaps we're not.听I don't think anybody knows it was Russia that broke into the [Democratic National Committee].听She's saying Russia, Russia, Russia, but I don't 鈥 maybe it was.听I mean,聽it could be Russia, but it could also be China.听It could also be lots of other people.听It also could be somebody sitting on their bed that weighs聽400 pounds, OK? You don't know who broke into DNC," Trump said during the聽.
And even after the US officially blamed Russia for the DNC hack, Trump said this during : "She doesn't know if it's the Russians doing the hacking. Maybe there is no hacking.听But they always blame Russia."
While the idea of the 400-pound hacker has become a pretty humorous meme聽(see and ) among information security professionals, Trump is actually onto something. As far as the American public can tell, since the US government hasn't revealed its evidence against Russia, China, or Iran, he might be right.听
According to NBC News,聽 called Trump's statements聽willful misrepresentations, claiming that both candidates had been briefed on the situation. This may be true, but the聽US public hasn't received any briefings.
There's a long history of blaming "hackers" without聽evidence. In 1995, the government blamed famed hacker Kevin Mitnick for breaking into North American Aerospace Defense Command (NORAD). At the time, the claims聽seemed fanciful and were later .听
In 1999, British news reports 聽hackers for commandeering a military satellite and holding it for ransom. That turned out to be wrong, too. Richard Clarke, former US cyber czar,聽聽hackers knocked out power in Brazil. Yet, too much聽soot at an electric utility actually 聽Hackers have been blamed for聽everything from to . And, in case after case, further investigation revealed that hackers weren't involved.听
In the corporate world, incident response teams follow up on breaches. They聽gather tons of evidence to determine how the attackers gained entry and how they siphoned off data. Evidence includes聽log files, Internet protocol (IP) addresses, network traffic, and malware samples. The experts examine evidence to determine how to fix security loopholes and keep other attackers from getting back into critical systems.
The job of placing blame for cyberattacks聽is usually left to law enforcement. But it's another matter altogether when it comes to blaming foreign nationals. That's a political maneuver. Formal declarations such as the one that came from Homeland Security and intelligence officials last week give聽politicians new reasons to rattle their sabers and stoke cybersecurity paranoia. But without evidence backing up these claims, the finger pointing is simply reckless and negligent.听
Without facts, the US government is trusting the US public and the rest of the聽world聽to take their claims at face value. Yes, there could be tactical reasons not to reveal too much about how adversaries carry out their attacks, and too much information could even reveal how the US carries out similar operations abroad.听
President Kennedy faced a similar dilemma in 1962. After military officials showed him聽 that revealed a buildup of nuclear missiles in Cuba, Mr. Kennedy made the photos public, leaving little doubt about Soviet aggression.
Releasing the photos,聽which was done against the wishes of Kennedy's聽top national security advisers, compromised the聽operational security of the U2 program. But Kennedy felt it was a necessary compromise.
While I'm certain the聽four formal hacking attributions levied by the US government are accurate, facts should still accompany these claims. Otherwise, as far as the US public knows, Trump is correct:聽"It could also be lots of other people.听It also could be somebody sitting on their bed that weighs聽400 pounds."
