How Trump's comments on information security may affect cybersecurity policy

On the eve of the New Year, President-elect Donald Trump said a few words about cybersecurity. As it happens, his words caused a stir.



“If you want to convey really important information, write it down and deliver it in the old manner - by courier. I'll tell you what: there are no secure computers, ”Trump said. “It doesn't matter what others say.”

')

Although many have ridiculed this statement, the issue of storing confidential information offline has become particularly interesting after the sensational hacks of the Federal Office of Personnel Services, the United States Tax Administration and the Democratic Party’s National Committee. Should the government think about returning to the pre-technology era?



Offline communication is initially safer than digital communication, since to intercept a message you need to be in close physical proximity to the source of information (according to available information, Trump rarely uses email or a computer, although it is obvious that he likes Twitter).



Donald Trump has firsthand knowledge of hacker actions. Over the past few years, the Trump Hotel chain has been hit by a host of cyber attacks, as a result of which personal information was revealed to 70,000 customers, and New York State fined the network $ 50,000.



The problem lies in the impossibility of even assuming a return to the services of couriers due to the excessive development of our technologies.



“We have released the technological gin from the bottle and will not be able to bring it back,” said Robert Huber, Chief Security and Strategy Officer at Eastwind Networks. “The trend is to move commercial services exclusively to the Internet, sometimes making it impossible to get these services in other ways.”

---

“There is no 100% secure method of communication. And the considerable damage to efficiency when returning to manual writing makes this method inapplicable. ”



Rob Sobers

Varonis Leading Marketing Director

---

Data that has not yet been digitized can easily be transferred to it using basic modern technologies.



Rob Sobers, director of cybersecurity security company Varonis , says: “The widespread adoption of mobile phones with integrated cameras makes letter digitization an elementary task. There is no 100% secure method of communication. And the considerable damage to efficiency when returning to manual writing makes this method inapplicable. ”



Full rejection of digital communication for the sake of security is almost impossible. Exabeam CEO Nir Polak (Nir Polak) agrees: “Denial of digital storage of banking, commercial, medical and other information is doomed to failure. In the end, even if somehow convincing each employee to send paper letters instead of emails, they will still sit on the Internet and, thus, add malware to the system from questionable web pages. ”



Experts believe that it is best to prevent the problem.



Nir Polak adds: “The bottom line is that most of the valuable information of any company is already stored in digital form and the number of ways to get it is growing, not decreasing. It should focus on protecting the system, not returning to the past. ”



Simon Gibson, security developer at Gigamon and former director of information security at Bloomberg, argues that it's not about the lack of secure computers. In his opinion, “the problem is how we think about data protection. The better the systems are interconnected, the more effective they are. ”



Simon Gibson explained that risks should be better assessed by tracking information available electronically and generally available via the Internet. Nevertheless, even the best security system does not protect against improper handling.

---

"Ultimately, the best ways to protect against malware and phishing, as well as biometric authentication, will become as familiar to everyone as fastening a seat belt in a car."



Ethan Ayer (Ethan Ayer)

CEO Resilient Network Systems

---

“Cyber ​​security services can reduce the risk, but they should be provided with adequate resources and constantly monitored their work to reduce the risk,” said Robert Huber. “Although physical means of protection, such as locks, cameras, and motion sensors, can increase safety at home and in the office, there is also a residual risk.”



Nevertheless, there are proven methods that complicate hacking or make it more costly, ranging from technical methods (encryption, multifactor authentication, secure e-mail) to culture (increased knowledge, careful information sharing, privacy protection).



Ethan Ayer, CEO of Resilient Network Systems, states the following: “At an early stage in the development of motorism, before the invention of airbags, deformation zones and seat belts with three-point attachment, it was much more dangerous to be a driver. In the digital age, virtually everyone is driving a dangerous data-loaded vehicle, and we are still at the initial stage of digital security development. Ultimately, the best ways to protect against malware and phishing, as well as biometric authentication, will become as familiar to everyone as fastening a seat belt in a car. ”

What follows from this?

At the moment, Donald Trump did not provide details of the cybersecurity plan, although after the attacks of Russian hackers last week he made the following statement:



“Whether we are talking about our government, organizations, associations or enterprises, we have to resolutely fight and stop cyber attacks. I will appoint a team of people who will have to submit a plan to me within 90 days after taking office. The tools, methods and tactics to ensure America’s security should not be made publicly available, which can be used to our detriment. In two weeks, I will take the oath and the safety of America will be my main goal. ”



Since at the moment, little is known about Trump’s specific plans in the information technology field, experts are thinking about how such statements made on the eve of the New Year will affect the country's cybersecurity policy. In which direction will it go? Will it be possible to slow down the development of information technology by the US government?

---

"We live in a technological society, and I doubt that we will fully return to the days of couriers, tracked envelopes and the exchange of notes within institutions."



John Bambenek

Fidelis Cybersecurity Threat Detection Manager

---

Rob Sobers of Varonis believes that something similar to the new EU General Regulations for the Protection of Personal Data will be created, according to which companies are allowed to use technology, but it is necessary to ensure that important data are seriously protected.



John Bambenek, Fidelis Cybersecurity’s threat detection system manager, predicts that Donald Trump’s view of technology makes it clear that he will use a strategic conservative approach in applying new technologies.



Bambenek said: “I can’t imagine the new management to apply new technologies for the sake of applying new technologies. We live in a technological society, and I doubt that we will fully return to the days of couriers, tracked envelopes and the exchange of notes within institutions. But it should be expected that the new leadership will not rush to introduce new technologies without understanding the risks and ways to reduce them. ”



“President-elect Trump will need knowledge of the risks and opportunities to ensure cybersecurity, in order to counter them with the benefits,” says Robert Huber. “I’m convinced that the benefits of technology are obvious to Mr. Trump, so that he will especially focus on cybersecurity during his presidential term.”

How can this affect the private sector?

Paradoxically, the public is saddened by the increase in the number of procedures to ensure safety, which means that increased safety may be in the public interest, but it may not be the optimal solution. A recent McKinsey study found that customers who felt annoyed during the authentication process typically use digital services at 20% less.



“The biggest obstacle to improving computer security is the initial conflict between security and ease of use,” says Ethan Ayer. “Consumers want the use of digital technologies not to cause problems, but many modern protection measures have a negative effect on the use and, ultimately, on the net profit of companies providing digital services. We are at the stage of development when consumers and companies are trying to find a balance between convenience and safety. ”