This past Friday while Washington D.C. closed down for the weekend and our elected officials retreated back to their mansions for some much needed R&R, the Trump Administrations latest Executive Order was leaked online. Yet to be signed into law and entitled “Strengthening US Cyber Security & Capabilities,” the document outlines a series of proposals/goals in order to help secure America and its infrastructure.
Leaked Draft of Presidential Executive Order: https://assets.documentcloud.org/documents/3424611/Read-the-Trump-administration-s-draft-of-the.pdf
Before we move forward, you might remember that in the weeks leading up to his inauguration, Donald Trump and members of his administration have repeatedly stated that any such solutions to our Nations cyber problems were going to have to start coming from the “private sector,” not necessarily current “Federal employees” – whom, as you might remember, were the same people employed while the country was being hacked/exploited in the first place. Essentially, if the Federal Government really had the answer to our Nations cyber security concerns, don’t you think they would have been implemented?
Analysis of the Executive Order
First Sentence: “Enhance the security of The Nation’s cyber infrastructure.”
My Response: This can only be done through mass education/awareness about strong encryption measures/procedure, including peoples rights to use/implement encryption – which has been legally under attack throughout the Obama Administration.
Here is one example of everything we are talking about here, about the Federal Trade Commissions $25,000 reward for any solution leading to a secure internet of things in the future: https://s3.amazonaws.com/public-inspection.federalregister.gov/2016-31731.pdf
A proposal to which I offered the U.S. Trade and Development Agency (USTDA) the following advice/message: “there will never be a solution/patch to this problem until you override all the changes made to encryption Laws and encryption protocol in regards to how these devices are actually made/manufactured/produced off the assembly line to begin with.”
Coincidentally enough? Literally within 24 hours after sending them this message news broke about the Federal Trade Commissions decision to file an international lawsuit against a Taiwanese company, for negligence, for not securing IoT devices as they are being produced – leaving users vulnerable to hackers. Even if devices can not be fully secured in the USA anymore thanks to the FBI, devices can be fully secured as they are produced in different countries – outside US Law/restrictions.
Regardless of that, I maintain that just as with ‘the Internet of Things,’ strong encryption rights/protocol for citizens and devices produced inside the USA is necessary if we ever hope to secure the infrastructure within this country – meaning all the IT devices and networks inside the country.
There also needs to be a mass awareness/public relations campaign, both in Government and the private sector/society, about how to read, write and remember strong passwords. I did see that the Director of National Intelligence put out a short social media video about this on Facebook the other day and while it was a nice start, we can still do more.
Not to repeat myself, but strong encryption protocol and strong encryption rights for the American public has not traditionally been supported by the US Government/Presidential Administrations over the years and while this may help some individual Government agencies, it leaves the American public open and more vulnerable to “cyber adversaries.”
Second Sentence: “Free and secure cyberspace is essential to advancing US National interests.”
My Response: The cost of internet service itself needs to be reduced by individual Internet Service Providers. I say this because there is still a portion of the American public that can not afford to have internet access nor the ability to have reliable and regular internet access – higher percentages in America’s inner cities.
If we reduce the costs, while ISP’s may make less per customer, they will obtain more overall customers – which may retain some of their expenses. Even if it does not, these corporations have had a monopoly of sorts on internet access itself and I do not really care if they loose some money – I am more concerned about spreading internet access/usage to the American public than I am about some rich corporations quarterly statements.
I think these companies can manage a decrease in internet price just fine and if they cant, then allow new competitors to enter into the market to achieve just this. This, of course, leads us straight to the emergence of the whole net neutrality debate.
It has already been documented that many members of the Trump administration have already spoken out against new neutrality laws recently, a move which I do agree with – particularly due to Bill Gates net neutrality case/loss in India in 2015. Competition in any market lowers prices and is beneficial for customers, we can free up the internet market a little bit more for people than we currently do.
Last Sentence: “Defend US interests in cyber space; and identifying, disrupting and defeating”
My Response: I think that is self evident and bordering on redundant for the paragraph, I do not think it necessarily needs to be included in the sentence. Not only is it not adding any new information but it could be construed as belligerent in a way – and that word is not meant as an insult, rather the words literal meaning.
If I were proof-reading the document I would insert the word “defeat” for the sentence to then read”…spectrum of our capabilities to defeat malicious cyber actors…” – but that’s just me.
Sec -2 Findings – (b)
My Reply: It is not necessarily that hacks are “evolving,” so much as they are getting simpler in a way – if that makes sense? If you think about it, just two decades ago computers, websites and virtually everything else was much more vulnerable to hacks than the technology being produced today. Moreover, though not nearly enough, more people are aware of how to protect themselves online and/or secure their devices than at any other time in the past. In this way hacking is much more ‘limited’ in 2017 than it used to be.
From the perspective of the hackers, less overall targets to potential attack means better planed, more coordinated/researched attacks on more specific/individual people/devices/networks.
For a quick example of what I mean here, the East Coast USA internet outage of October 2016 was duped perhaps “the largest cyber attack in US history,” but in reality it was just a rudimentary DDoS attack – it just happened to be placed in very smart spot. As for the ‘cyber attack’ itself, it was nothing impressive, the BotNet that performed the attack is even open source and freely available on the internet for anyone to find/use.
It is already widely documented how the NSA was hacked by email based spear-phishing techniques , Hillary Clinton, the DNC and John Podesta were all hacked for not having secure accounts or log in credentials and CIA Director Brennan was hacked by Social Engineering.
I think it goes without really saying, but these are not exactly genius level cyber campaigns/attacks on this country or our Government.
Sec – 2 Findings – (e)
My Criticism: Quite frankly it is frustrating to read a statement like that especially given my personal political inclinations. It is frustrating because how can you make a statement like that without offering any solution?
I believe in order to get the Government to function better and get all these agencies to start working with/collaborate with one another, we are going to need to start employing independent contractors/arbitrators to pull it off. The second solution would come in a closing/consolidation of several US Federal Agencies in 2017.
One of the true shames of the US Government is that we have countless 3 letter acronym agencies/departments/organizations, spending hundreds of billions collectively, working on many topics/issues that happen to overlap with one another, but almost none of them talk to one another – it is such a waste of time/effort/potential.
I have talked with members of the Department of Homeland Security and turned down working for the agency because I believe that the DHS itself is unconstitutional. If I were a member of Congress for example, I would be working to shut them down – no offense @DHS.
Closing the DHS does not mean anyone would necessarily lose their job or that I think DHS employees are the ‘bad guys,’ when I would close DHS I would reassign all the employees to different agencies – such as the CIA or NSA – where their assets/skills will still be needed.
Information/intelligence can be passed from A to B to C much more quickly and efficiently if we start to consolidate all of the steps/agencies/people involved – we are all on the same team at the end of the day I think. None of this is to mention the cost we can save consolidating all the bureaucracy in our Government.
Outside of DHS how many other acronyms could be consolidated/liquidated into one another? I think there are some, if not many.
Sec. 6. Review of Cyber Adversaries
What I think is important for people to understand is that many of these cyber attacks/attackers do not perform the attacks on behalf of or in association with any Government; Government Agency. This does not mean a hacker/cyber attackers country of origin is not fundamental to part of the problem – allow me to explain.
The countries with the largest bandwidth and fastest internet naturally tend to host “the best” hackers. It just so happens that countries such as Germany and Romania are internationally renown for having some of the fastest internet in the world. Consequentially we see that the USA tends to absorb an unusually large percentage of cyber attacks originating out of Germany, Romania and Turkey.
It is critically important to understand that this does not mean President Merkel, Iohannis and Erdogan are orchestrating/coordinating these attacks, rather, it is more likely just some random citizen that happens to live in these countries – taking advantage of the countries fast internet speed.
For example, Romania is a close US military ally and NATO partner, but Romanian citizens try to hack everyone because Romania happens to offer some of the highest bandwidth – which is needed to effectively pull of their attacks. Another example can be seen in Turkey where many of the cyber attacks we see coming out of this country are being performed by actors whom also adamantly oppose Erdogan and Turkeys Government at the same time they are attacking the US.
My point is that many, if not most, of the cyber attacks on US infrastructure are not politically motivated or conducted on behalf of some some other countries “national interests.” Even if a hack happens to target a US politician or Federal Official and is carried about by a foreign national, it does not mean the act was perpetrated by a foreign countries Government.
There are some stupid, bored or naive people/hackers that lurk on the internet. The US Government should not make the mistake of thinking that every cyber attack/hack from someone outside the country is some sort of act of War between Nations.
I also brought up bandwidth and internet speed because, for example, my personal internet provider – Comcast – intentionally caps their customers individual band width. Theoretically, this means if I was going ‘head to head’ with a hacker in Romania or Germany, it would not be an equal playing field for me.
Sec. 7. U.S. Cyber Capabilities Review (d)
I believe we need to greatly invest in technology/computers inside America’s classroom and no, I do not want to hear one bit about budgetary constraints. The US has nearly 20 trillion in debt and we did not get there because we did not have enough money to spend – we can invest in education and pull off great results if people just got their priority straight.
It amazes me how there are not more computers in America’s classrooms and it is a damn shame that video game consoles per student outnumber school room computers per student – there is also no excuse for this in 2017. These kids can go home any play first person shooter War video games with random kids in Africa/Asia online, but we can not connect America’s classrooms online for educational purposes?
I have always advocated bringing computers or even something as simple as an Xbox into each classroom and using it for diversity/educational purposes to enhance the education experience and help keep kids visually engaged. I have also advocated for a type of international teacher exchange in schools via the internet.
For example if students have a European/African history class, why not connect that class to teachers in Europe and Africa? If a student in Europe has an American history class, why not connect those students to an American teacher? We have the technology to pull something like this off rather easily.
As for how to get technologically literate generations, for the purposes of keeping this segment short, some programmers have already invented coding games for young children to teach them how to learn programming languages at younger ages. These countries are hoping for a pay off later down the road when these kids grow up to be fully functional adults in the national work force. There is no reason this type of strategy could not also be implemented inside the USA with our youth.
As for what the US Government can do itself, I think it needs to offer more scholarships for high school students to incentive them to go into cyber related career fields or study for positions that might land them a Federal position somewhere. While there are some programs/scholarships/advertisements currently in effect, we could expand upon them.
I would argue the country might benefit in the long term by putting more money into this sort of action in the short term. We can revolutionize the way that the Government and our military recruits by sponsoring more people to go to school where they can improve their lives while also working for the betterment of the country itself.
Sec. 8 (b)
Refer to Section 2 article (e) found above
** Normally I make everything on this site free and open source, but not this information. If I see any of this information reproduced or disseminated, in any format, without my direct acknowledgement or consent you will be sued for intellectual property theft – careful FTC **