Last night’s presidential debate between Democrat Hillary Clinton and Republican Donald Trump had a surplus of strange moments, but few could top a sequence about cybersecurity that pivoted on who’s to blame for recent hacks of Democratic National Committee servers.
Clinton led off with the obvious—“cyber warfare will be one of the biggest challenges facing the next president”—and noted the importance of distinguishing between commercial and state-sponsored or state-executed attacks. The former Secretary of State suggested that Russia deserved close scrutiny and should possibly face counterattacks: “The United States has much greater capacity, and we are not going to sit idly by.”
Trump, however, shrugged off the idea that Russia was behind the DNC hacks. “It could be Russia, but it could also be China. It could also be lots of other people,” he said. “It also could be somebody sitting on their bed that weighs 400 pounds, OK?”
Trump’s who-really-knows take on “the cyber” continued with him complimenting his 10-year-old son Barron for being “so good with these computers, it’s unbelievable” but then suggesting that “the security aspect of cyber is very, very tough.”
Trump’s grasp of the material seemed a whole lot thinner than Clinton’s — he’s definitely not ready to start giving keynote speeches at cybersecurity conferences — but neither candidate provided much clarity about what they would do to strengthen America against online attacks. For that to happen, we’d need a debate on cybersecurity issues that had time to get into more than one of them. These topics would make for a good start:
Encryption
Clinton’s campaign has stayed squishy on the subject of how much of a problem it is for hardware and software developers to build encryption into their products that can’t be unlocked without the help of the user. Her latest contribution to this debate was suggesting that we study the problem further. Trump, meanwhile, departed from his usual vagueness to denounce Apple for its effrontery in not helping the FBI unlock the iPhone of one of the San Bernardino shooters, saying “who do they think they are?”
Vulnerability hoarding
Last month, a group of hackers began selling tools to attack routers from Cisco Systems, Juniper Networks and other vendors — tools that exploited vulnerabilities that the National Security Agency had apparently known for years without disclosing them to the companies affected. We’ve traditionally accepted that the NSA can hang onto “vulns” to launch surprise attacks against targets in other countries, but how long should it be able to hoard them without advising US firms to patch their systems?