WNPR

Experts Hope Trump Makes Cybersecurity An Early Priority

Dec 26, 2016
Originally published on December 27, 2016 2:43 am

President Obama has promised to take action in response to findings by U.S. intelligence agencies that Russia hacked computers at the Democratic National Committee and other Democratic political groups. And one of Donald Trump's first big decisions as president may be whether to continue down the chosen path.

State-sponsored hacking is "arguably one of the biggest threats to the nation," says Jay Kaplan, a former analyst at the National Security Agency. State actors are behind numerous recent hacks, including the federal employee records at the Office of Personnel Management, believed to be the work of China.

In a recent report on enhancing national cybersecurity, the Obama administration avoided addressing the issue of state-sponsored hacking head-on. But it did recommend steps — including training 100,000 new "cybersecurity practitioners" by 2020 — to fix vulnerabilities in government and private networks.

Crowdsourcing offers a path to tackle the challenge, Kaplan says. He is CEO of Synack, which is working with the Pentagon using crowdsourcing "to uncover security holes across the federal government," as he puts it. Right now, the effort is focused on the Defense Department, Kaplan says, but he hopes "to broaden that scope soon."

A new administration may bring other new ways of looking at the problems — or at least that's what Betsy Cooper hopes. She is executive director of the Center for Long-Term Cybersecurity at the University of California, Berkeley.

"We absolutely believe that this is an opportunity for progress," Cooper says, "that a new administration without ties to past government structures creates the opportunity for resetting the playing field."

One proposal is for a cyber workforce incubator to be set up in Silicon Valley, where tech industry experts and government officials could get together to exchange ideas. They would spend a year or two together and then "each group would rotate back to their normal jobs," Cooper says.

The idea is that in that period, the government workers will get "better exposure to the Silicon Valley culture and way of working," Cooper says, while those from the tech industry will better understand "the importance of government problems and the importance of working on these issues in the public sector."

Cooper also suggests a public campaign — like the government has used to get people to buckle their seat belts or to recycle — to get ordinary Americans aware of the importance of things like using strong passwords and other so-called good cyber hygiene practices.

It's not just individuals or government systems that need help with cybersecurity issues.

"I think the president should focus on three things: energy, finance and telecom," says Melissa Hathaway, president of Hathaway Global Strategies, who has worked on cyber issues in the Obama and George W. Bush administrations.

Hathaway, who is also a senior adviser on Harvard University's Cyber Security Project, says the IT systems of utilities and banks have already been infected with malware and are vulnerable to hackers, not only from state sponsors, but also criminals: "If I can bring a utility offline through ransomware or through some other means," she says, "I can cause them to pay to get it restored."

And she points to recent attacks, in which hackers hijacked Internet-connected devices to bring down online services including Twitter and Spotify.

"It's really important that we stop talking about these problems and start solving them," Hathaway says. "And that's going to require leadership; it's going to require focused attention."

She says if Trump wants to make America great again, he needs to address cybersecurity quickly.

Copyright 2017 NPR. To see more, visit http://www.npr.org/.

ARI SHAPIRO, HOST:

And it's time for our weekly stroll through technology and the changes that it brings to the world. This week on All Tech Considered, we're hearing about improbable news and the search for a new name for the dongle. First, a report on cybersecurity - NPR's Brian Naylor reports this is an issue the Trump administration will have to confront.

BRIAN NAYLOR, BYLINE: One of Donald Trump's first big decisions as president may be whether to continue whatever actions the Obama administration has promised to take in response to findings by U.S. intelligence agencies that Russia hacked computers at the Democratic National Committee and other Democratic political groups.

JAY KAPLAN: State-sponsored hacking is arguably one of the biggest threats to the nation.

NAYLOR: Jay Kaplan is a former analyst at the National Security Agency. State actors are behind numerous recent hacks including employee records at the Office of Personnel Management believed to be the work of China. The Obama administration in a recent report on enhancing national cybersecurity avoided addressing head-on the issue of state-sponsored hacking, but it did recommend steps including hiring 100,000 what it called cybersecurity practitioners over the next 10 years to fix vulnerabilities in government and private IT systems. That's a huge challenge, Kaplan says, but there are other ways to deal with the problem.

KAPLAN: A great example of that is actually using crowdsourcing as a solution.

NAYLOR: Kaplan's firm, Synack, is working with the Pentagon on just that.

KAPLAN: To uncover security holes across the federal government, specifically DOD focus, but they're hoping to broaden that scope soon.

NAYLOR: And a new administration may bring other new ways of looking at the problems or at least that's what Betsy Cooper hopes. Cooper is director of the Center for Long-Term Cybersecurity at UC, Berkeley.

BETSY COOPER: We absolutely believe that this is an opportunity for progress that a new administration without ties to past government structures creates the opportunity for resetting the playing fields.

NAYLOR: One proposal is for a cyber workforce incubator to be set up in Silicon Valley where tech industry experts and government officials could get together to exchange ideas.

COOPER: Each group would rotate back to their normal jobs - the government folks having gotten better exposure to the Silicon Valley culture and the way of working and the Silicon Valley folks having better understood the importance of government problems and the importance of working on these issues in the public sector.

NAYLOR: Cooper also suggests a public campaign like the government is used to get people to buckle their seat belts or recycle to get ordinary Americans aware of the importance of things like using strong passwords and other so-called good cyber hygiene practices. It's not just individuals or government systems that need help with cybersecurity issues.

MELISSA HATHAWAY: I think the president should focus on three things - energy, finance and telecom.

NAYLOR: Melissa Hathaway has worked on cyber issues in the Obama and George W. Bush administrations. She says the IT systems of utilities and banks have already been infected with malware and are vulnerable to hackers, not only from state sponsors, but also criminals.

HATHAWAY: If I can bring a utility offline through ransomware or through some other means and I can cause them to pay to get it restored, you're seeing criminals enter into this area as well.

NAYLOR: And she points to recent attacks in which hackers hijacked so-called internet-of-things devices, like printers or refrigerators, to bring down online services including Twitter and Spotify. She says it's time to act.

HATHAWAY: I think it's really important that we stop talking about these problems and start solving them, and that's going to require leadership. It's going to require focused attention.

NAYLOR: And Hathaway says if Trump wants to make America great again, he needs to address cybersecurity quickly. Brian Naylor, NPR News, Washington. Transcript provided by NPR, Copyright NPR.