9/27/2016
05:30 PM
Clinton, Trump Debate 'Twenty-First Century War' Of Cyberattacks

Lester Holt led with the topic of cybersecurity as the first question on national security in Monday's Presidential debate.

A long-standing inside joke in the security community is to tweet "drink" when the word "cybersecurity" is uttered by the President at the State of the Union Address or by candidates during a Presidential debate. During Monday's televised debate between Presidential candidates Hillary Clinton and Donald Trump, there were plenty of opportunities to imbibe (um, tweet).

The very first question about the nation's security was about hacking. Debate moderator and NBC news anchorman Lester Holt posed the question to the candidates at the top of the third and final section of the debate, Securing America:

"We want to start with a twenty-first century war happening every day in this country. Our institutions are under cyberattack, and our secrets are being stolen. So my question is, who's behind it? And how do we fight it?" Holt asked.

Both Clinton and Trump stressed the importance of cybersecurity for the next administration. "Well I think cybersecurity … cyberwarfare, will be one of the biggest challenges to the next President because clearly we're facing at this point two different kinds of adversaries," nation-state actors and cybercriminals, Clinton said.

Clinton also called out Russia's recent hacking activity. "There's no doubt now that Russia has used cyberattacks against all kinds of organizations in our country and I am deeply concerned about this."

The US needs to "make it very clear" to nations who engage in cyberattacks against the US that "the US has much greater capacity and we are not going to sit idly by and permit state actors to go after our information: our private-sector information or our public sector information," she said. "And we're going to have to make it clear that we don't want to use the kinds of tools that we have. We don't want to engage in a different kind of warfare. But we will defend the citizens of this country, and the Russians need to understand that."

Cracking down on hackers was also Trump's sentiment. "We have to get very tough on cyber and cyberwarfare. It is a huge problem," Trump said. "The security aspect of cyber is very, very tough and maybe it's … it's hardly doable."

But Trump disputed the conclusion that the recent cyberattack on the DNC and others came via Russia. "I don't think that anybody knows it was Russia that broke into the DNC ... It could also be China or it could also be lots of other people, or somebody sitting on their bed who weighs 400 pounds."

Both candidates to date have had some very public cybersecurity woes of their own: Trump with his Trump International Hotels data breach, and Clinton with the Democratic National Committee (DNC) breach and data dump that appeared to show favoritism of Clinton over Bernie Sanders as its candidate, as well as her use of a personal email server instead of the US Department of State's official email system.

Security experts say that while cybersecurity got some time in the limelight in the debate, the candidates were slim on policy details. "It was encouraging in terms of their discussing national security and that cybersecurity is at the forefront of those kinds of issues. Both … singled this out as a very strong priority of theirs," says Rob Sadowski, director of marketing and technology solutions at RSA. "However, when they started to get down into details, I don't think we saw any concrete indications of actions or recommendations on how they would handle this complex and nuanced issue."

Still missing from the political conversation is a set of norms for cyber activity, he says. "We're already seeing nation-states or quasi nation-states or state-sponsored groups testing the limits on norms of behavior and potential policies out there." "It's very important for any of these candidates to set out 'What are the norms of behavior? What should we expect? What should the appropriate responses be?'" to activity by nation-states that violate those norms, he says.

Security expert Wesley McGrew, director of cyber operations at Horne Cyber, was disappointed that the candidates focused more on cyber espionage and nation-state activity rather than cybersecurity overall.

"Ultimately, what’s missing from the discussion is what will be done for non-government-affiliated businesses. Unless serious and widespread economic damage is caused by an attack, cyber security will remain focused on espionage and state-on-state attacks in the eyes of the executive branch," McGrew wrote in a blog post today. "This may seem reactionary, but until such a serious event occurs, there simply isn’t a dramatic enough and widely recognized incident (like 'Russians hack the DNC!') to rally interest in a campaign season defined by bombastic statements and positions."

Still, in many cases the lines are blurring between cybercrime and cyber espionage, notes RSA's Sadowski. "Where do you draw the line between" cyber espionage, cybercrime, and hacktivists, he says. "Nation-state attacks … are not just limited to the government or private industry. They are into the public sector" as well, he says.

That in turn clouds the issue of what responsibility, if any, the government will take to help protect the private sector from cyberattacks, he says.

The hope is that the candidates will drill down on their policy details in one of the next two debates – security defense, offense, and everything in between.

"In the next debate, both candidates need to expand on their policies for mitigating cybersecurity threats that affect governments and private businesses (a conversation worth more than the five minutes granted by this debate)," says Tony Gauda, CEO of ThinAir. "Our generation's battlefront will be digital, and we must make sure the right tools are being deployed to prevent sensitive documents from being leaked and used against American interests."

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
 

Comments
ted90,
User Rank: Guru
9/29/2016 | 12:59:38 PM
192.168.1.1
I was looking for this information, good job guys, thanks for the post!
Joe Stanganelli,
User Rank: Ninja
9/28/2016 | 11:36:07 AM
Caution
I disagree with McGrew's sentiments.  Short of legislating adoption of widely accepted, strong security standards (e.g., PCI-DSS, which Nevada already mandates), I want less government control/regulation related to private-sector cybersecurity -- not more.  I have difficulty fathoming anything the federal government can do regulatory-wise or law-wise that will make things better (and most things I can imagine would make things worse).  This kind of thinking is what gave us CISA, after all.