DONALD TRUMP HAS made no secret of his “bomb the s&*$t out of them” approach to foreign conflict. But when it comes to America’s digital security, his prescriptions have mostly been limited to vague calls to “get tough on cyber” and invitations to Russians to hack Hillary Clinton’s email. Today, however, Trump got a bit more specific about the digital security postures he would favor as president—and set a new benchmark for a hawkish approach the online world.
“As a deterrent against attacks on our critical resources the United States must possess…the unquestioned capacity to launch crippling cyber counter attacks,” Trump told the crowd at a Retired American Warriors town hall in Virginia today. “I mean crippling. Crippling.”
In his remarks, Trump offered his most detailed statements on cybersecurity yet, and emphasized that his administration would prepare for cyberwar by maintaining strong offensive capabilities. He referenced private sector breaches like those at JP Morgan Chase, eBay, and Target as evidence of America’s digital vulnerability. And he went on to sketch a plan for strengthening the federal government’s digital defenses across all agencies, saying that he would push for the formation of a public-private oversight committee to “review all of our cybersecurity systems and technologies.”
But Trump repeatedly returned to suggestions of a more offensive approach to the digital world, to fight everything from cybercrime to terrorism. “We should turn cyber warfare into one of our greatest weapons against the terrorists, and they have to know it’s coming,” he said at one point, perhaps referencing his call to shut down the internet in ISIS-controlled Syria last December. “Today is just the beginning of a long and overdue national discussion on how to protect ourselves from modern cyber crime and evolving national security threats and how to develop the cyber offense strategies necessary to gain a critical security edge in the 21st century.”
As typically aggressive as Trump’s remarks sounded, they echo a broader trend in Washington toward more open discussion about an offense approach to cybersecurity. Speaking about cyber warfare capabilities last month, President Obama for instance said after the G-20 conference in Hangzhou, China that “we’re moving into a new era here where a number of countries have significant capacities. And frankly we’ve got more capacity than anybody, both offensively and defensively.”
Clinton, who has long said that her approach would build on Obama’s Cybersecurity National Action Plan, has adopted similar rhetoric. “We need to make it very clear—whether it’s Russia, China, Iran or anybody else—the United States has much greater capacity,” she said in the presidential debate at Hofstra University last week. She added at the time, however, that she would only lead the U.S. to mount cyberattacks out of absolute necessity. But at a rally last month she noted, “As president, I will make it clear that the United States will treat cyberattacks just like any other attack. We will be ready with serious political, economic and military responses.”
Not one to be outdone in saber rattling, Trump added in his speech today that “I will make certain that our military is the best in the world in both cyber offense and defense and in every other way.”
The more offensive approach Trump and others have voiced actually resonates with some in the cybersecurity community. Adopting that more offensive mindset may be necessary, argues Michael Borohovski, the co-founder of security company Tinfoil Security, given that cybersecurity favors attackers and makes defense an endless task of sussing out and fixing vulnerabilities. “I think we do need to switch into a very offensive mindset, if only so we can better understand the ‘attack surface,’” says Borohovski, using the industry term for the collection of targets available to a hacker’s attacks. “It’s the only way we’re going to be able to keep up. A defender has to win every time but an attacker only has to win once.”
But others have disputed that aggressive approach, arguing that launching retaliatory cyberattacks is risky in a world where hackers’ identities aren’t always clear, and leads to a cyber arms race in which the U.S. has more to lose than to gain. “We’re opening ourselves up to attack,” NSA defector Edward Snowden said in a recent PBS documentary, for instance. “We’re lowering our shields to allow us to have an advantage when we attack other countries overseas, but the reality is when you compare one of our victories to one of their victories, the value of the data, the knowledge, the information gained from those attacks is far greater to them than it is to us because we are already on top.”
Regardless of those differing approaches, Trump’s mostly-hand-waving remarks didn’t impress cybersecurity experts looking for more concrete details about the initiatives he’s proposing. “I don’t find this very credible, because what does he know about cyber defense?” asks Joseph Loomis, the CEO of security firm CyberSponse. “I don’t think he knows anything about…how a cyberattack is initiated or how to defend against one.”
Instead, per usual, Trump’s remarks repeatedly stressed America’s declining stature in the world—in this case the digital one—followed with blanket promises to improve it. “This is the warfare of the future. America’s dominance in this arena must be unquestioned, and today it’s totally questioned,” he said. “We need the edge, and ideally a big one.”
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.