The Russians are coming — and Trump left the door wide open.
That finding would be alarming on its own, but that’s not even the worst part.
Thanks to the negligence of the Trump White House, the 71 federal agencies deemed at “risk or high risk” of cyberattacks due to inadequate cybersecurity programs are also woefully ill-equipped to develop better policies to detect and mitigate threats.
As The Washington Post describes, “the results of this report spotlight how the federal government is still struggling to organize its cybersecurity efforts. And former White House and DHS officials worry that the Trump administration lacks a path forward without proper leadership at the top.”
Typically, the White House cybersecurity coordinator would lead such efforts. But earlier this month, the White House eliminated that position, which was created nine years ago to designate a point person to take the lead on cybersecurity-related policies.
At the time, cybersecurity expert Bruce Schneier slammed the decision to axe the job as “a spectacularly bad idea.”
The move also flatly contradicted Trump’s campaign rhetoric and exposed his hypocrisy on issues related to cybersecurity. After spending months on the campaign trail berating Hillary Clinton for her email server and portraying her as a threat to national security, Trump took office and promptly set about doing nothing to improve our nation’s cyberdefenses.
In some instances, Trump even managed to do worse than nothing at all.
As he headed into the second year of his presidency, Trump still hadn’t nominated anyone for Homeland Security undersecretary running the department’s National Protection and Programs Directorate, described as “the most important cybersecurity job in the government.” Among other things, the person who holds that position is tasked with securing our election systems and protecting voting machines from hacking or other cyberattacks.
In December, just hours after signing the annual defense spending bill known as the National Defense Authorization Act (NDAA), Trump released an accompanying presidential signing statement formalizing his opposition to a slew of measures, including critical cybersecurity initiatives, aimed at enforcing a tougher U.S. policy towards Russia.
In the signing statement, Trump specifically noted his objection to the subsection directing the military and other government agencies to strengthen our defenses against cyberattacks, as well as developing new strategies to counter the “use of misinformation, disinformation … active measures, propaganda, and deception and denial activities of the Russian Federation in the United States and Europe, through traditional and social media.”
Two months later, in February 2018, budget director Mick Mulvaney used his role as the head of the Consumer Financial Protection Bureau to kill the investigation into Equifax, the credit bureau that had just suffered a huge breach of personal data.
With top government officials, including the president, signaling that cybersecurity is not a priority, perhaps it should not come as a surprise that the new risk assessment found that “only 27 percent of federal agencies report that they have the ability to detect and investigate attempts to access large volumes of data, and even fewer agencies report testing these capabilities annually.”
“Simply put, agencies cannot detect when large amounts of information leave their networks,” the report states.
The negligence of the Trump White House is even more egregious when considered in the context of the growing threats we face in the cyber realm.
In a February 2018 report, Director of National Intelligence Dan Coats warned that “both nation states and malign actors [have] become more emboldened and better equipped in the use of increasingly widespread cyber toolkits. The risk is growing that some adversaries will conduct cyber attacks — such as data deletion or localized and temporary disruptions of critical infrastructure — against the United States in a crisis short of war.”
In the face of these growing threats, the first 16 months of Trump’s presidency have been characterized by a lack of clear leadership on cyber policy, reckless use of unsecured personal devices by White House officials, and a total failure to impose sufficient penalties for cybercrimes and data breaches.
This new report makes it clear that Trump’s incompetence is having real-world effects and leaving us more vulnerable to cyberattacks aimed at critical targets like our election machines, energy grid, telecom infrastructure, emergency response systems, and military — at the same time that our adversaries are becoming more sophisticated and emboldened.
Even now, Trump is still not addressing these very real and very consequential national security issues, choosing instead to spend his time attacking the very agencies that are in charge of defending against the threats that he refuses to acknowledge.