One particularly disconcerting passage in Bob Woodward’s book, “Fear,” that should send shudders across party lines is an episode regarding President Donald Trump’s reaction to a meeting about cybersecurity.
According to Woodward, Trump was preoccupied with the Masters golf tournament in April when Tom Bossert, then the Department of Homeland Security adviser on counterterrorism and cybersecurity, asked to speak with him.
“I want to watch the Masters. ...You and your cyber ... are going to get me in a war — with all your cyber s—t,” the president reportedly told Bossert, now a security analyst with ABC News.
Trump had promised a comprehensive cybersecurity plan within 90 days of taking office, which proved to be lip service. Instead, he signed an executive order to protect government networks that was hardly groundbreaking, especially when dealing with a defense issue extending far beyond the public sector.
Subsequently, the late Sen. John McCain accused the administration of weak leadership on cybersecurity, while the Senate Armed Services Committee complained a clear policy is lacking.
On Oct. 21, 2016, the nation got a tiny taste of the possible disruption that could be caused by a cyberattack against the so-called “Internet of Things” — those seemingly benign devices attached to the information network.
The “Mirai botnet” launched an attack against Dyn, a New Hampshire company that provides a critical internet function for many internet sites in a Distributed Denial of Service (DDoS). It used 100,000 infected devices (routers, smart TVs, digital recorders, webcams, home automation kits, baby monitors — any insecure appliance connected to the internet) to send malicious traffic to overwhelm Dyn’s system with requests to access sites.
Among Dyn’s prominent clients temporarily taken down were Amazon, Airbnb, CNN, Comcast, Fox News, Mashable, Netflix, the New York Times, Pinterest, Reddit, Spotify, Starbucks, Twitter, Verizon, the Wall Street Journal and Xbox Live.
It could have been far worse.
Bruce Schneier, a noted security scholar and Harvard University lecturer, told the House Energy and Commerce Committee that “catastrophic risks” have come with the proliferation of insecure devices attached to the Internet. Gartner Research estimates it could be 26 billion devices by 2020.
Rather than just popular internet sites that don’t impact national security, an act of cyberwarfare could attack utilities, public safety, hospitals, financial institutions and schools.
Consider the chaos created if the electrical grid went totally dark — traffic lights not working, financial accounts not accessible, businesses shut down.
Technology experts have warned about our vulnerabilities and a worsening situation.
While major computer and smartphone manufacturers have taken security precautions with constantly updated firmware, too many appliances are simply “dumb.” That begins with many business and home routers that direct internet access, but lack protection without passwords or predictable ones.
As the cartoon character Pogo once said, “We have met the enemy and he is us” — as consumers purchase inexpensive merchandise frequently made overseas and lacking security.
It’s not just a U.S. problem.
According to the Seattle-based cybersecurity firm F5, four days before Trump and Russian President Vladimir Putin met in Helsinki, Finland, China launched “brute-force attacks” against Finnish internet-connected devices in an attempt to control gear providing it with audio or visual access.
Meanwhile, hacking is a problem that goes far beyond the recent charge that a North Korea intelligence agent broke into files at Sony Pictures in 2014 when it was about to release a movie lampooning Kim Jong-Un.
Highly computerized vehicles may be susceptible to hackers — and that’s even before the widespread advent of automated, “self-driving” cars. Chrysler recalled 1.4 million cars to fix software vulnerability in 2015. Tesla sent a security patch for its Model S cars a year later.
And what about an out-of-control truck fleet that relies on GPS tracking and remote devices to keep secure vehicles overnight at depots or overnight locations? According to the Guardian, trucking companies are working with security experts to avert a potential disaster.
In January, the Washington Post reported that “highly sensitive information about the locations and activities of soldiers at U.S. military bases” was available by accessing fitness trackers worn by soldiers.
Then there are the supervisory control and data acquisition (SCADA) systems throughout industry to monitor and manage machines, including those operating nuclear power plants, dams and pipelines.
U.S. and Israeli intelligence revealed their vulnerability in 2005 by deploying Stuxnet, a “computer worm,” to attack centrifuges used in the Iranian nuclear program.
Because of the Russian investigation, Trump may chafe at anything involving cyberspace, preferring a Space Force championed by military contractors.
However, the potential dangers to national security inherent in a cyberattack are more immediate and potentially dangerous. Leadership is desperately needed.