Cybersecurity in Trumpland: Not Pretty

It’s Day 2 of a post-Trump victory world and the fear and uncertainty is starting to settle into...more fear and uncertainty. That’s not helped by the fact that there is a breathtaking lack of understanding on the cyber-front on the part of the Donald.

Certain industries (if not the majority of the American public that voted against him) initially liked the election results, including cybersecurity. We may find that bullishness to be very, deeply misguided.

With a Trump agenda calling for "an immediate review of all US cyber defenses and vulnerabilities,” the sector has seemingly responded positively given the near-term Wall Street results.

As Seeking Alpha pointed out, sector price movements were notable during yesterday’s full day of trading:

“FireEye (FEYE +0.5%), Palo Alto Networks (PANW +3%), Fortinet (FTNT +1%), CyberArk Software (CYBR +3.5%), Check Point Software Technologies (CHKP +1.7%), Proofpoint (PFPT +2.3%), Imperva (IMPV +0.8%), Symantec (SYMC +0.6%), Barracuda Networks (CUDA +2.2%), VASCO Data Security International (VDSI +3.7%), Akamai Technologies (AKAM +0.3%), Limelight Networks (LLNW +2.2%), Level 3 Communications (LVLT +1.9%).”

Those are gains, but modest gains, it must be said. That’s likely because actually enacting a cybersecurity policy that works in the real world will take a broader view than just a “let’s keep ‘em out” mentality, which is about all that the Trumpster (whose superhero name should be the Human Cheeto in this slogger’s eyes) has said on the issue.  

As far as “the cyber,” as he termed it during the first presidential debate, is concerned, he’s not sure that Russia is behind the rash of hacks we’ve seen of late, and it’s all been President Obama’s fault anyway:

“The truth is, under President Obama we've lost control of things that we used to have control over. We came in with an internet, we came up with the internet.”

Oh sure, it’s not because the threat landscape has evolved or that we’re more connected than ever before; it’s not because of commoditized tools appearing on the scene for adversaries or increasingly well-funded nation-state hacking teams. It’s just Obama not watching the gates. And therefore, we should lock that shizz down!

As he said back in December, regarding radical jihadists using cyber-avenues for recruitment and virtual attacks:

"We're losing a lot of people because of the internet. We have to see Bill Gates and a lot of different people that really understand what's happening. We have to talk to them about, maybe in certain areas, closing that internet up in some ways. Somebody will say, 'Oh freedom of speech, freedom of speech.' These are foolish people."

And besides, we control the internet, right? Just call Bill Gates, he’ll tell ya. U-S-A! U-S-A!

Aside from these ridiculous campaign statements, which arguably were simply pandering comments meant to incite his core base of policy-lite, soundbite-heavy supporters to getting out the vote and bringing their friends, his stated cyber-policies as they stand are pretty skimpy, and focused solely on enhancing the US government’s internal capabilities.

So what is wrong with the p-p-p-p-pres…

Oh forget it, I can’t even bring myself to use the title. What if I say “the Trump-elect,” how about that? Let’s try this again.

So what’s wrong with the Trump-elect’s skeleton policy?

According to Fadi Albatal, SVP of Above Security, recognizing that isolationism won’t work is a good place to start. After all, the US DOESN’T ACTUALLY OWN THE INTERNET.

“To address state-sponsored cyber threats, there is a need for allied coalitions and joint defense and attack capabilities to help deter state enemies,” he told us via email. “Expanding the role of NATO to cyberwarfare operations and acting as a central body for intelligence collection and counter-attack operations is one idea.”

That would be YUGE! Just tremendous! Right? Well, Trump doesn’t really want to work with NATO, unless they start paying up, so that might be an obstacle.

Plan B?

“Additionally, more international regulations are needed to fight cybercrime, so that we can create stronger collaboration between nations and local law enforcement to dismantle operations that are targeting organizations in other countries,” Albatal said.

Regulations? Really? Ha ha ha ha ha ha ha ha! Good luck with that in Trump-world, especially given the Republican-controlled House and Senate.

Ha. Still chuckling over that one.

Albatal did mention one recommendation that Trump & co. can get behind if they don’t think too hard about it: “This should include the ability to shutdown internet services at the service provider level and also extend prosecution across countries to support expanded jurisdictions and greater international oversight.”

Did someone say “shut down” and “internet” in the same sentence? Sold!

Whether you like Trump or not (bet you can’t guess who I voted for?), the man’s own statements show a frightening lack of understanding about what’s we’re up against from a cyber perspective, and how we should address it. We don’t just have to worry about the “400-lb hacker” living in his mom’s basement, as Trump indicated. Adversaries are getting smarter and more well-equipped every day. Effectively winning cyber-battles will mean information-sharing and international alliances, coordinated action and yes—he got this piece right—beefing up investment in our own capabilities.

Here, it should be noted that on that domestic beefing-up front, all of this comes amidst concerns about increased surveillance and support for whacking away at privacy.

Bottom line? Addressing cybersecurity challenges is a complex and nuanced problem. But I’m pretty sure that “complex and nuanced” are not the Trump-elect’s forte. 

Photo © a katz/

What’s Hot on Infosecurity Magazine?