Modern field guide to security and privacy

Opinion: The hackers are winning

Unless Washington stops politicizing the response to the US election hack and focuses on improving the nation's digital security, the country remains vulnerable to devastating cyberattacks.

|
Kevin Lamarque/Reuters/File
President Obama with Russian President Putin during the G8 Summit at Lough Erne in Enniskillen, Northern Ireland, in 2013.

As Washington continues to wrangle over technical details and diplomatic consequences of Russian hacking allegations, we may lose sight of the only undisputed fact in this saga: Hackers attempted to undermine the integrity of US elections. And, it wasn't hard to do.

Regardless of the culprits' identity or motives, Congress and the administration now have an urgent responsibility. They need to develop specific policies and a new strategic focus to fix America’s endemic cybersecurity vulnerabilities. 

Michael Morell, former acting director of the CIA, called the recent attacks the “political equivalent of 9/11.” Yet, the response has been underwhelming. Rather than prioritize actions that would improve cybersecurity, the major responses to these cyberattacks have been to impose sanctions on Russia and call for congressional investigations of foreign influence in the election and potential breakdowns at the FBI.

While these actions may be necessary, they are not enough. In the aftermath of 9/11, Washington acted swiftly to recognize the failures in domestic security and put forth a new plan to fight terrorism at home and abroad by federalizing airport security, establishing the Department of Homeland Security, and passing the USA PATRIOT Act. Unfortunately, there appears to be no emerging consensus that US cybersecurity policy needs an overhaul.

The most notable aspect of the recent cyberattacks is that most businesses and government agencies are vulnerable to the same threats that brought down the DNC and Clinton campaigns. Just as 9/11 exposed how a few extremists with box cutters could unleash terror in the skies, these cyberattacks should serve as the wakeup call America needs to better prepare its computer systems and networks for today’s threat environment.

So, what should we do about it? The nation rushed to reinforce cockpit doors in the months after Sept. 11, 2001, and we need to take similar steps to close gaps in our digital security. For example, most Americans still use only passwords (weak ones at that) to sign in to online services. In contrast, Estonia provides its citizens with smartcards to securely access digital services using multifactor authentication. To jumpstart the market for online identification and authentication services, the US government should follow Britain's lead and allow all citizens to access government services using a single, trusted login.

Moreover, the election hacks are a symptom of the US government's flawed approach to cybersecurity. It wants to defend itself against digital attacks while successfully executing these same attacks on foreign adversaries. However, this policy is unrealistic for today's global networks. When everyone uses the same technology, everyone shares the same vulnerabilities. Cyber superiority is an impossible goal: when an online service is susceptible to an attack, all users, Americans and non-Americans alike, are threatened.

Yet these contradictory goals are at the heart of most US cybersecurity policy, including the mission of US Cyber Command. This philosophy of “relative security” rather than “absolute security” is the reason that US law enforcement and intelligence agencies oppose measures that would improve security for everyone, such as expanding the use of end-to-end encryption or disclosing new vulnerabilities, as they hope to exploit these weaknesses against America’s adversaries.

Unfortunately, the result is that US systems are just as likely to be compromised as those of our enemies. Until the US creates a new cybersecurity policy that prioritizes defensive capabilities and resiliency over offensive strength – and advocates for this new vision among its global allies – the fundamental cybersecurity challenges will remain unchanged. 

Rather than debating how to realign the US approach to cybersecurity, Congress appears to be fighting over committee jurisdiction to investigate the Russian hacking allegations. This will not solve the underlying problems. Regardless of whether Russian President Putin orchestrated the recent hacks, it is time to change the status quo. Securing cyberspace may prove to be much more difficult than securing airspace, but it is urgent that we begin this conversation anew.

Daniel Castro (@CastroTech) is vice president of the Information Technology and Innovation Foundation, a US science and tech policy think tank.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Opinion: The hackers are winning
Read this article in
https://www.csmonitor.com/World/Passcode/Passcode-Voices/2017/0104/Opinion-The-hackers-are-winning
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe