It’s been almost a week since American citizens elected Donald J. Trump as their 45th president. Ever since, there have been a variety of speculations on what his presidency would mean for the USA and world at large. Many are worried that his victory may have initiated a new trend which could affect the upcoming elections in France, Germany and other European nations.
This uncertainty has also trickled down to the world of cyber security. The president elect has formulated the following four point strategy to deal with the growing menace of crime in the cyber regime:
- Order an immediate review of all U.S. cyber defenses and vulnerabilities, including critical infrastructure, by a Cyber Review Team of individuals from the military, law enforcement, and the private sector.
- The Cyber Review Team will provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats, and will [be] followed up regularly at various Federal agencies and departments.
- The Cyber Review Team will establish detailed protocols and mandatory cyber awareness training for all government employees while remaining current on evolving methods of cyber-attack.
- Instruct the U.S. Department of Justice to create Joint Task Forces throughout the U.S. to coordinate Federal, State, and local law enforcement responses to cyber threats.
- Order the Secretary of Defense and Chairman of the Joint Chiefs of Staff to provide recommendations for enhancing U.S. Cyber Command, with a focus on both offense and defense in the cyber domain.
- Develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately.
A glimpse into the future
It is not yet clear on how he plans to implement this. However, a rough picture could be drawn based on the remarks made, on cyber security, during his presidential election campaign. In a press release issued by his office on October 3, 2016 he promised to take immediate action on cybersecurity in his administration. Some of these actions, as stated in the press release, include:
- “I will make certain that our military is the best in the world in both cyber offense and defense.”
- “As a deterrent against attacks on our critical resources, the United States must possess the unquestioned capacity to launch crippling cyber counter-attacks. This is the warfare of the future, America’s dominance in this arena must be unquestioned.”
- “We should turn cyber warfare into one of our greatest weapons against the terrorists.”
- “Those who violate classification rules will be held responsible to the fullest extent of the law. I will appoint an Attorney General who will reform the Department of Justice like it was necessary after Watergate. My Attorney General will restore the integrity of the Department of Justice.”
At the outset, it appears that Trump aims to be aggressive with his cyber security strategy and envisions to strengthen the offensive capabilities. In order to pull this off, he would need to identify the weaknesses of not only their own armor but that of their enemies as well and then build the capabilities as required. This brings us to the another question. Does he understand who the enemy is and where to point the gun? Given the nature of the web, an attack could come from anywhere or it maybe given an appearance of originating from anywhere. While speaking about the DNC hack during the first presidential debate, he stated that, “I mean, it could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, okay?” This statement disregards the fact that most of the American intelligence agencies and reputed cybersecurity firms had declared the involvement of the Russian state-sponsored groups after walking through the evidence. Why is he defending Russia?
Further, speaking on terrorism and cyberterrorism, he stated that, “We came up with the Internet. And I think Secretary Clinton and myself would agree very much, when you look at what ISIS is doing with the Internet, they’re beating us at our own game. ISIS.” It is worrisome that he still considers the web as a property of the USA. While the US had a major contribution in shaping up the web to what it is today but it doesn’t have an exclusive control over it. Philip Bump, Politics writer at The Washington Post, has analyzed Trump’s response in his article The answer that best exemplifies how badly Donald Trump was out of his depth in the debate. The Atlantic, in it’s article Trump’s Incoherent Ideas About ‘the Cyber, has also raised concerns about Trump’s understanding of the cyber security issues plaguing the web and the United States of America.
In one of his speeches, Trump called out Bill Gates for a meeting to discuss on how parts of the internet could be closed-off to combat the growth of terrorism. Agreed that terrorism is a growing problem and needs to be curbed but is this a practical solution? While some countries, such as China and North Korea, have employed similar controls but their applicability cease to exist outside the border of such countries. It would be difficult, if not impossible, to close-off a part of the internet from the entire world because it is not owned, controlled or regulated by any single entity.
In another speech, he requested American citizens to boycott Apple products until the technology giant helps the FBI break into the iPhone of one of the San Bernardino shooters. It is such remarks from him that have given sleepless nights to various US-based tech giants and privacy activists. After all, he now controls one of the most sophisticated and powerful surveillance system in the world. The Wire has also posted a series of articles, on their website, speculating the implications of Trump administration on both cyber security and user privacy.
What does it mean for cyber security in India?
It is too soon to say how Trump’s victory would affect the Indian cyber security scenario. However, going by Trump’s comments on India and PM Narendra Modi, it seems that both nations stand to benefit from each other. In his speech to the Republican Hindu Coalition on October 15, 2016, Trump named India as the US’s natural ally and gave India the status of ‘Best Friends Forever’.
At the launch of Digital India event, on July 1, 2015, PM Modi shared his vision of strengthening India’s cyber security capabilities and making India a global player in this domain. A cyber security task force was also setup under the guidance of NASSCOM to make this vision a reality. The Task Force had proposed setting up of 4 working groups – Industry Development, Technology Development, Skills Development and Policy Development. The first meeting of the working group was convened on June 10, 2015.
It is no secret that India needs to work diligently on it’s cyber security capabilities. This is not to say that it is inferior in any way. India has just woken up to the possibility of a cyber war and it’s catastrophic implications. Initiatives are already in place to strengthen it’s position in this domain. Having the US as an ally, would only speed up this process. If Trump actually manages to deliver on his four-point strategy (though I have my doubts), India can benefit both in terms of policy and technology. For example, at present, most of the cyber security tools developed in the US have export restrictions. Same is true for advanced encryption algorithms. With a close relationship between the US and India, as envisioned by Trump, these norms could be relaxed for India.
How things would shape up between the two nations, only time will tell. We would love read your views on implications of Trump victory in the world of cyber security. How would Indian cyber security scenario be affected by Trump victory? Do let us know in comments.
Uday Mittal is a cybersecurity professional with rich working experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM, CRISC among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.