A large percentage of information security professionals believe that cybercriminals are influencing the outcome of the US presidential election.
According to a Tripwire survey of BlackHat attendees, nearly two-thirds (63%) of the respondents said that they thought this to be the case.
With the FBI investigating a high-profile breach of the Democratic National Committee’s computer network, believed to be Russian in origin, most suspect that it may have orchestrated the hack to influence the outcome of the presidential election in Republican nominee Donald Trump’s favor. Additionally, Andrés Sepúlveda, a political hacker connected with manipulating elections across Latin America, said he was “100% sure” the US presidential campaign was being tampered with in a controversial March interview with Bloomberg.
“This is an unprecedented moment in both politics and information security,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “A foreign power possibly influencing the US presidential election through electronic means is a game changer for information security professionals. While these survey results aren't surprising, they are very important. We're seeing a significant shift in the role that information security plays on the global stage. While the DNC attack is the most visible, it's not the first incident. We've been building up to this type of event for a number of years.”
The survey also found that 82% of the respondents believe state-sponsored attacks on elections should be considered acts of cyber-war.
Erlin continued: “While it's clear that the majority of respondents believe state-sponsored attacks are an act of cyber-war, there's little consensus on what an appropriate response should be. It's time for the conversation to move beyond true and false to defining an appropriate cyber war response.”
On this front, the 2016 Republican Party platform states that victims of cyber-attacks should have "a self-defense right” to retaliate. Just over half of the respondents (55%) said that they believe this policy would improve national or global cybersecurity.
Others struck a more cautious tone. “In addition to considering nation-state cyber-attacks to be an act of war, respondents favor an organization’s right to strike back,” said Dwayne Melancon, CTO and vice president of research and development for Tripwire. “These two positions have one thing in common: a high margin for error. Attribution of cyber-attacks is very difficult. For example, investigations sometimes discover that attacks appearing to come from other countries actually have a command and control base in the US, and vice versa. If a cyber-attack escalates into war or retribution, you'd better be certain of its origin.”
Photo © mikeledray/Shutterstock.com