Why the Democratic Party hacks should concern all Americans: Picks of the Week
Dem party hacks shows neither side is serious about cybersecurity | The Hill
Is Hacking Hillary Clinton Russian Payback for the ‘Freedom to Connect’? | Net Politics – Council on Foreign Relations
By November, Russian Hackers Could Target Voting Machines | Lawfare
The news that the Democratic National Committee (DNC), Democratic Congressional Campaign Committee (DCCC), and the Hillary Clinton campaign were hacked—allegedly by Russian state-sponsored hackers or proxies—has generated intense attention and has already cost the DNC chair her job and forced the resignation of the DNC’s CEO. More troubling, however, is the possibility that a foreign country may be using the fruits of its cyber espionage campaign to influence domestic electoral politics and to manipulate the U.S. presidential election. This affects more than just the Democratic party, and the string of cyber attacks has implications for every political party, every organization, and our democratic principles themselves.
America must, before it is too late, have a rational and informed discussion about cybersecurity and the ramifications of cyber crime, cyber espionage, and even cyber disruption on our economy, national security, civil liberties, and democratic processes.
As Col. Leighton (ret.) rightly pointed out this week in The Hill, “when the Internet was first developed, it was designed to foster communications between researchers. Security was, at best, an afterthought. Throughout the ’80s, ’90s, and the 2000s, we built ever more capable systems, developed faster and faster processors, housed billions of terabytes of data, and placed our private and public lives increasingly online. We did much of this without really designing security into the software and hardware that was making all this possible. Few of us really thought much about Internet security.”
Today, the proliferation of information communications technologies (ICTs) and the increased reliance on the Internet has exposed governments and organizations alike to a growing number of vulnerabilities and opened the door to a wide range of malicious cyber activities and different threat actors. Cyber risks can affect organizations of all sizes in all sectors and can represent an existential threat for highly connected societies.
Companies and government agencies alike can actually do a lot to start building strong defenses necessary to protect, detect, mitigate, and respond to persistent cyber threats, but they don’t always have the will, the resources, or the knowledge needed. As a start, organizations should guard against phishing attacks, sanitize their email attachments, develop Data Loss Prevention strategies, guard against insider threats, and encrypt all their sensitive data. Unfortunately, very few companies and government agencies have undertaken these measures to date. Their failure to do so has already cost them millions of dollars in post-breach investigation, remediation, and recovery costs; damages to reputation and brand value; and even the resignation of top executives (e.g. Target, Sony, OPM). Cybersecurity cannot be treated as an isolated “IT problem” best left to the IT department alone. As I have argued before, this approach is both untenable and dangerous. Achieving cybersecurity requires the consistent attention and commitment of every organization’s most senior leaders. Those senior leaders must see cyber risk as a component of their organization’s overall security posture, and work to integrate cybersecurity front and center into their daily activities and anchor it into their decision-making processes in a holistic and comprehensive manner. And our national leaders have an additional responsibility to assure the safety and security of our country’s most valuable, sensitive information, systems, and infrastructure.
The fact that foreign actors may be attacking our nation’s computer systems—let alone a powerful adversary like Russia—in an apparent attempt to influence a presidential election should concern all Americans of any party. As Bruce Schneier noted, “this kind of cyber attack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November—that our election systems and our voting machines could be vulnerable to a similar attack.”
There have also been speculations that the recent hacks might somehow represent payback for the position taken by the Obama Administration and then Secretary of State Clinton in support of Internet freedom—including efforts to help individuals silenced by their authoritarian governments (i.e. Russia and China)—and that those policies and rhetoric constituted a U.S. strategy to intervene in the domestic politics of foreign countries through cyber means. This and other theories offered by experts frame recent hacks and the release of DNC emails (and potentially new disclosures promised by WikiLeaks founder Julian Assange) in ways that reinforce the increasing political and economic risks that highly-connected countries face and the lack of global norms regulating cyberspace. As David Fidler concludes, “the escalating risks and paucity of agreed norms help explain the growing prominence of coercion, retaliation, and deterrence in cybersecurity policies. Frequent calls for retaliation against Russia, if Russian involvement in the DNC leaks is sufficiently established, highlight these rising dangers, the entrenched disagreements about appropriate state behavior in cyberspace, and the growing desire to address cybersecurity threats through power politics.”