By Raz Rafaeli, CEO, and co-founder of Secret Double Octopus
Disclaimer: This is my personal opinion piece and not the views of Cyber Defense Magazine – I appreciate the opportunity to share my views and I believe this article will get a lot of reactions from numerous angles – having a forum to discuss our different opinions is what makes American media outlets like CDM a great venue.
Say what you will about President Donald Trump, and there’s a lot to say, but Trump came at a pivotal time in cybersecurity when threats had grown (and continue to grow) exponentially in the US and around the globe.
Now that we are a year and change into Trump’s presidency, it would be prudent to take a look at some of the new policies in the cybersecurity sphere that have been implemented by the administration. Understanding these policies and their goals can give some insight into the implications they are likely to have on government agencies, companies, and individual citizens.
Chinese and Russian Product Concerns
In September, the Department of Homeland Security (DHS) issued an announcement ordering federal agencies and departments to cease using software produced by Russian firm Kaspersky Lab, citing potential risks to U.S. national security.
According to reports, DHS based its decision on suspicions that ties between certain Kaspersky employees and the Russian government may indicate a threat to the secureness of these programs. The order gave all federal agencies 30 days to remove the now prohibited programs.
Kaspersky, one of the largest vendors of its kind in the world, specializes in the end security and virus detection. If there were in fact malware designed to divert data contained in one of these Kaspersky programs, highly sensitive government files would be at risk of being compromised.
No longer will certain Chinese-made smartphones be allowed in the US government as well as laptops and tablets. This, of course, creates a major sourcing problem but also an opportunity for new US-based chip, motherboard, and hardware manufacturing, rekindling this talent from their past innovative market lead until price and tax issues forced these offshore.
While the threat of Kaspersky products remains unsubstantiated (the company fervently denied any Russian government connection and even agreed to interrogation before Congress), the ban still made an important contribution beyond any specific regulation. The ban brought to the fore the serious risk of the supply chain threat to hardware, namely the danger that devices and programs can become infected with malware at some point before reaching the consumer. The ban triggered increased scrutiny of devices and hardware used in governmental organizations, including the US military.
Election Infrastructure Security
Trump’s administration has made significant progress in securing the country’s electoral infrastructure from cyber threats. In recent months, DHS has ramped up its Risk and Vulnerability Assessment (RVA), the mother of all system penetration tests. Reports now indicate that 33 states, as well as several other local governments, have now successfully received DHS screening of their digital electoral system.
The demand for the RVA from state governments has spiked. Awareness to the very real threat of hackers targeting voting infrastructure began to spread after the 2016 presidential election. Washington was for a while playing catch-up to address vulnerabilities to the election grid following these realizations. Awareness of the threat to election data was increased in early December after local media reported that personal details of over 19 million California voters ended up in the hands of hackers after having been posted to a private cloud server.
Recognizing the growing importance of cybersecurity to US defense, the administration made a substantial change to the make-up of America’s military structure with the creation of US Cyber Command, or CYBERCOM. On August 18, the White House released a statement announcing the presidential order to elevate US Cyber Command to the status of an independent Unified Command under the Department of Defense. Until that point, Cyber Command had been a substructure of US Strategic Command (STRATCOM).
The creation of CYBERCOM addressed an important, strategic reality. In the modern era, any global conflict opens up a cyber arena as well. One of the most ongoing cyber-sphere conflicts, for instance, has been the promotion and instigation of violence by militant Islamist groups. Groups such as United Cyber Caliphate (UCC) and Cyber Caliphate Army (CCA), both affiliated with ISIS, conduct hacking operations, and more importantly promote and recruit to the Islamic State’s cause via online platforms. Conflicts between the US and other state rivals such as Iran and North Korea have both resulted in the opening of cyber front’s, with important consequences to national security.
National Protection and Programs Directorate (NPPD)
What CYBERCOM did for the military, the National Protection and Programs Directorate (NPPD) has done for domestic security. While DHS has long incorporated cybersecurity into its national defense work, there hadn’t been a separate body charged with securing the cybersphere.
While the actual creation of NPPD was finalized by a Congressional vote, the emergence of the new agency was the result of a broader administration policy direction to give cybersecurity the primacy it deserves within the framework of domestic security. In accordance with this attitude, Trump nominated Kirstjen Nielsen to replace John Kelly as the head of DHS. Neilson’s background is in cybersecurity, having formerly been a member of the prestigious Resilience Task Force of the Center for Cyber & Homeland Security committee at George Washington University. Nielsen was originally slated to head the cyber office of DHS. As it became clear that the NPPD was to become the nation’s new cyber operation, independent of DHS, Nielsen was instead given reign over the whole Department.
Threats to Critical Infrastructure
No other cyber threat addressed by the Trump administration touches closer to home than the danger to national critical infrastructure.
In May, Trump signed an executive order to bolster the security of digital frameworks in the United States. For governmental agencies, the order requires each agency head to abide by the recommendations of the federal research organization, the National Institute of Standards and Technology (NIST). Until that point, NIST had been a research and advisory body only, with no concrete policy power. Now, NIST is the official standard for all government organizations.
For the civilian realm, the order requires that an array of federal bodies, including the Department of Defense, Department of Labor, and DHS, collectively produce a series of reports to the president on how to better secure private IT grids. This, in essence, charged the full slew of federal departments to prioritize private-sector cybersecurity as part of their job description.
This order has proved to be immensely important in light of a year full of emerging threats to cyberinfrastructure. These included an FBI report concerning increased danger posed to infrastructure sectors by malicious actors, the WannaCry epidemic, attributed by the US to North Korean-backed cybercriminals, topped off by reports last month of a hacking campaign that deployed malware against electrical power stations, assessed by experts to be the work of “nation state” actors.
All of these policy moves highlight a unique feature of cybersecurity: It requires tight cooperation between the private and governmental sectors in almost every facet. As the administration’s decisions reflect, cyber threats at the level of national security will likely target the country’s soft “underbelly” of critical infrastructure in the civilian domain. This demonstrates the importance for private users, at both the organizational and individual level, to bolster their systems and devices as these threats continue to grow. Trump’s initiatives on cyber are certainly on the right track. The long term goal for the country as a whole will be to continue fostering the national culture of security, which will certainly see more private collaboration with government, and more regulations directly affecting the private sector.
About the Author
Raz Rafaeli is the CEO and co-founder of Secret Double Octopus, the world’s only keyless multi-shield authentication technology that protects identity and data across cloud, mobile and IoT environments. Rafaeli has more than 20 years of leadership experience in the security, networking and enterprise software industries as well as an M.Sc. in Computer Science from the Technion Institute of Technology.