Dec. 6 — The unpredictability and assertive tone of the incoming Trump administration may motivate nation-state and black hat hackers to more aggressively attack the U.S., cybersecurity analysts told Bloomberg BNA.
For cybersecurity, instead of draining the swamp, President-elect Donald Trump may be creating a cyberattack risk quagmire.
U.S. companies may also be worried by more motivated nation-states, such as Russia, China and North Korea, that may leverage against them any information stolen from the transition team and incoming government.
Trump’s unpredictable foreign policies may also increase the risk of a cyberattack against the president-elect or his transition team. Hackers have made “cyber espionage a higher priority” to gain “insider information” on his policies, French Caldwell, chief evangelist for governance, risk and compliance company MetricStream Inc. in Palo Alto, Calif., told Bloomberg BNA. Trump’s post-election activity, such as a telephone conversation with Taiwan’s president, may have ruffled the feathers of countries across the globe, analysts said.
In addition, Trump’s highly divisive campaign may have put a bull’s-eye on his back for potential hackers. Many individuals who “have a visceral reaction to a Trump presidency may have a misguided view that cyberattacks and espionage, though illegal, are justified,” Caldwell said.
The transition team is a target too and will face the same cybersecurity “challenges that any commercial enterprise faces,” he said. Those threats include phishing and other attacks on transition related websites, e-mails and databases, he said.
The hackers may target “the dossiers of potential political appointees,” national security secrets and other political documents, Caldwell, who worked with the White House to develop the George W. Bush administration’s Digital Pearl Harbor war game, said. In addition to the high-level Cabinet positions being filled, the transition team will be assisting Trump in filling some 4,000 other political appointments. The team will access the personal information for such candidates.
Kurt Baumgartner, principal security researcher on Kaspersky Lab Inc.’s global research & analysis team, told Bloomberg BNA that the transition team represents a “fairly large attack surface” because of the many staff members, attorneys, appointees and advisers that make up the team. With new members come new mobile devices, e-mail accounts and other cybersecurity vectors that may lead to the “immediate theft of data,” he said.
Jeremy Samide, CEO of Cleveland-based cybersecurity company Stealthcare LLC, told Bloomberg BNA that Trump’s Cabinet picks may gain the scrutiny of nation-state or other politically motivated hackers. “Trump’s bold and potentially controversial picks for certain Cabinet members and advisory team” may mean that there could be retaliation efforts if “expanded powers on surveillance and encryption are reinvigorated,” he said.
Representatives for the Trump transition team didn’t immediately respond to Bloomberg BNA’s e-mail request for comments.
Cybersecurity remains a major policy objective after receiving much focus during the election. President Barack Obama’s Commission on Enhancing National Security recently released a report on cybersecurity challenges and recommendations that the next administration must face. Whether Trump is willing or able to adopt the report’s recommendations remains to be seen.
The scope and focus of the hacking attacks against the transition team will, nevertheless, mirror similar attacks launched allegedly by nation-state actors that infiltrated state voter databases, the Democratic Congressional Committee and countless private-sector companies that store sensitive data.
Nation-state hacks and industrial espionage continue to be the biggest threats that face the U.S., Samide said. These kinds of hackers have “the reach, the bandwidth, funding, resource and intelligence apparatus” to conduct “a long standing cyber cold war,” he said.
Malicious actors won’t stop until they get what they are looking for, Samide said. Essentially, “time is in favor of the dark side,” he said.
Caldwell agreed that nation-states are “aggressively seeking information” from the transition team and won’t stop even after Trump is sworn into office Jan. 20. The transition “team should expect nation states to employ extraordinary cyber espionage resources,” Caldwell said.
To help mitigate these threats, Baumgartner said that the transition team needs to look from “the perspective of the attacker.” Putting yourself in the shoes of the hackers will help protect valuable data that the transition team would want secure, he said.
A nation-state hacker may want “data around decision-making that may be exposed to smear the team and candidates’ reputation,” Baumgartner said.
Trump’s transition team, led by Vice President-elect Mike Pence, has been filled with Washington insiders, former and current generals and lawmakers. Each of the transition team members, including Trump, may have intimate knowledge of national secrets, corporate data and other information that a nefarious actor may see as valuable and hackable.
Samide said that any introduction of new actors, such as the presidential transition team, will “automatically expand one’s digital footprint and increase cybersecurity exposure.” New people mean new online threats and “essentially, the transition team itself becomes victims of targeted attacks in order to gain information and/or access and use them as leverage,” he said.
Additionally, Trump’s transition team is “moving slower than expected in developing cybersecurity policy or naming key staff to lead their cybersecurity initiatives,” Samide said. In reality, the transition team still must navigate the “bureaucratic positioning and political jockeying” to better complete its cybersecurity mission, he said.
Caldwell agreed that because so “many people are being considered for political appointments,” each individual becomes a target for a cyberattack. Outside of the transition team, anyone even mentioned as a political appointee needs to step up their cybersecurity at home, he said.
Hackers and other malicious actors are monitoring “each and every social media account, public record and leveraging their reconnaissance trade-craft into launching targeted phishing attacks and other hacking methods to get on the inside,” Samide said.
Source: Bloomberg BNA