Friday, August 5, 2016

Changing Cyber Policy in the US

A piece of political drivel purporting to show the "cyber policy" of Hillary Clinton and Donald Trump [http://lifehacker.com/hillary-clinton-and-donald-trumps-cybersecurity-platfor-1784790979] does nothing to that end, but it does point out what a machine can do when it gets warmed up. There are stories being circulated on almost every aspect of life that will supposedly be better under one of the political candidates, but they are stories that have no basis in fact. Cybersecurity is one of them.

Neither political candidate has a good record in the security of their computers - Trump in his businesses, which have been repeatedly hacked; Clinton in her State Department, which was hacked with equal frequency, and her private e-mail server, where "there was no evidence of any hacking there," a favorite line of any political person in government. We all remember the same comments about OPM and the lost security clearance data.

The author of the cyber policy comparison said neither candidate had a policy, but went on to say what great and wonderful things the Democrats will do if they win. He based that on all the great and wonderful things the White House has done over the last eight years. This must have come to him in a dream, since there is almost no policy of any consequence developed there and practice is less than stellar - "no evidence of any hacking at the White House," or at quite a few other government offices, was long since proved wrong.

Neither party has done anything about the major issues in cyber: persistent hacking by foreign powers; theft of trade secrets and proprietary information; a lack of basic policy in computer protection. I don't get the warm feeling that either one is prepared, or willing, to do very much. The Democrats should have learned from their own experience with defense against hacking - it is not a do-it-yourself project.

Defense requires, first, a national policy on deterrence and the ability to enforce it. We still don't have one. Second, we need to get policy for protection out of the hands of NIST, which does nothing but pretend that systems will be secure if its policies are followed. Third, we can't have CIOs responsible for the security of their networks making decisions about where to cut corners on security. There are too many of them. Look into that club and you will find agencies with 25 or 30 CIOs. You can't have good security with that kind of decision-making matrix. There is no Republican or Democrat who doesn't want to see better security of networks, but they need to do something to get it. Pretending is not working out.
