It doesn't matter if they are state-sponsored or live in their parents' basement. Hackers thrive in the shadows of our culture. Leaders hesitate to declare supremacy over them lest they get taught a very public lesson in humility. But, if a superpower uses those hackers to access a foreign government's information, and that's not an act of war, what next?
Jim Webb, a heavily decorated war veteran, tried to get his fellow presidential hopefuls to address that issue during the first Democratic debate Tuesday night on CNN. Unfortunately, he spent more time kvetching about how little time he was getting than pressing for his chosen topic -- cybersecurity -- which he correctly pegged as the biggest threat to national security.
In my forthcoming book on identity theft and data security Swiped, I talk about cybersecurity at the enterprise-organization level. Here is an adapted excerpt on why we need political leadership on this issue:
It is a stretch to assume our nation's leaders should set the tone for how things are done in the rest of the country, but in an ideal world our leaders would...well, they would lead. That has hardly been the case in the cyber realm.
The lax approach to email security and data privacy that prevailed in both the Clinton and Bush campaigns are Exhibit A. Early in the 2016 cycle, Clinton's "emailgate" created a firestorm after it was revealed that the former Secretary of State had used a home-brew email server instead of the policy-mandated servers of the State Department. The bigger affront was the assumption that her server was more secure than the government servers (though perhaps she was right since the State Department was hacked).
On the Republican side, Jeb Bush had his own email whoops moment. He was careless. He took a laissez-faire approach to a problem that requires constant attention, imagination, quick reactions and a kind of public-minded decision-making process that is constantly on the lookout for trouble and the best ways to avert it. In what Gov. Bush billed as a show of transparency -- an obvious dig at the famously secretive Clinton camp -- he released more than 250,000 emails amassed over the course of his tenure as governor. Some of the emails contained the personally identifiable information of constituents -- including Social Security numbers. While the move did not pose a national security risk, or rise anywhere near the level of Clinton's email problem, it demonstrated a poor understanding of data security and identity theft -- or a nonexistent one.
The list of political leaders who just don't quite get the whole "data security thing" is long. Gov. Nikki Haley of South Carolina famously said that data encryption was "hard" when accepting blame (or at least discussing blame) for a breach in her state that exposed the tax returns of 3.8 million tax-paying residents and 700,000 businesses, along with the Social Security numbers and bank accounts of not only the affected taxpayers, but nearly two million of their dependents. Or for another quick example, remember the hacker who accessed Mitt Romney's personal email by guessing the name of his favorite pet? Bottom line, there is a tendency among our nation's leaders to not only avoid the hard questions, but to remain blissfully, or even willfully, ignorant of how the most important data security issues relate to the kinds of identity-related crimes that damage the lives of the people they are supposed to serve and represent--that is, until they find themselves on the wrong side of their ignorance and members of the media take notice.
When it comes to data security, rule number one is that you don't talk about how you manage your data security. Rule number two is that you don't talk about the fact that you don't talk about how you manage your data security. This leaves a lot of room for fudging how you do data security. In the realm of politics, these rules need to be slightly amended. It is crucial that our leaders demonstrate a nuanced understanding of the unique threat to national security posed by cyber threats.
That said, it is unfortunate -- yet abundantly clear from the debates of both parties so far -- that there is far greater voter appeal in things like Donald Trump's Great Wall of Mexico than more (or at least equally) substantive issues like cybersecurity (or America's lack thereof). But as Sen. Webb tried to point out in the first DNC debate, a firewall around our nation's most sensitive information is much more important than the dog-and-pony-show issues being bandied about by most of the candidates.
When it comes to Hillary Clinton's (admittedly) extremely bad idea to maintain a private server and use it for state business, I'm with Sen. Bernie Sanders, who told the former Secretary of State: "The American people are sick and tired of hearing about your damn emails!" But that's because they don't know why it matters. As Sen. Webb discovered, it truly is "hard" (to borrow Gov. Haley's word) for a leader to explain such things when all the stars are aligned against such substantive discourse. And until America's leaders acknowledge that the Cyber War has replaced the Cold War and fully appreciate the dangers of not making cybersecurity a front burner issue, it may not matter which server is the right server, because none will be.
The above is an adapted excerpt from Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, which hits bookstores everywhere Black Friday.