Let me open with this statement: I am not a lawyer.
Over the course of my career, though, I have worked with many attorneys and legal teams on a variety of issues from data breaches to personnel investigations, and at many different levels up to and including work with Federal agencies.
I am familiar with the laws. However, I am not here to interpret them as I am not certified by any state Bar. Therefore, to comment on the legality of Mr. Trump's perceived encouragement of a foreign nation state to commit acts of espionage via cyber-attacks against political organizations and their representatives within the United States today would be a bit outside my area of expertise.
Nevertheless, what I am is an information security professional that is certified by organizations such as SANS, (ISC)2 and many others. As it pertains to the specifics of operating in an ethical manner, we information security professionals are quite literally certified to go on at length about that subject. It is, in fact, written into the code of ethics of the various organizations in which I'm certified.
Taking (ISC)2 as one example, their code of ethics canon states that its members will:
• Protect society, the common good, necessary public trust and confidence, and the infrastructure
• Act honorably, honestly, justly, responsibly, and legally
• Provide diligent and competent service to principles
• Advance and protect the profession
It is, perhaps, unprecedented in the modern technology era that a public political figure would ever come out and openly encourage another nation to hack our country's infrastructure in any way, shape or form. Whether or not it is outright illegal? That will be for lawyers to determine.
However, in my opinion, it is an absolutely unethical, extremely negligent and very dangerous sort of announcement to make publicly.
While Mr. Trump may not be an information security professional, certainly the notions of the first two parts of the (ISC)2 canon should apply to any government employee, politician or representative as a guidepost on how to operate within the best interests of our society and promote the common good of all its citizens. Ethics is not solely within the domain and purview of information security, but rather, is at the core of each and every profession and societal norm we promote today.
As information security professionals, we take the notion of ethical behavior very seriously and always act within the bounds of guidelines like these in trying to protect and secure the networks and technology infrastructure that is involved in nearly every single aspect of our day to day lives. We already see more and more data breaches taking place each year, and the number of attacks which come from foreign nations is growing as well.
It is unfathomable to me that a public figure, such as Mr. Trump, would ever openly encourage these kinds of attacks to be done, for any reason. The risks we face as a nation are already great, and this does not, in any way, serve the common good or protect the public trust or the infrastructure we rely on from these kinds of attacks.
These statements, even if as sarcasm, are absolutely negligent, reckless and completely violate these basic tenets of ethical behavior and trust. Ultimately, they put our country into the dangerous crosshairs of more nation-sponsored cyber attackers
It doesn't take a lawyer to figure that out.