{"id":1754,"date":"2024-09-25T06:35:30","date_gmt":"2024-09-25T06:35:30","guid":{"rendered":"https:\/\/xdr-mdr.lmntrix.com\/main_web\/?p=1754"},"modified":"2024-10-18T17:29:06","modified_gmt":"2024-10-18T17:29:06","slug":"actions-speak-louder-than-words-trump-cyber-strategy-at-odds-with-reality","status":"publish","type":"post","link":"https:\/\/lmntrix.com\/blog\/actions-speak-louder-than-words-trump-cyber-strategy-at-odds-with-reality\/","title":{"rendered":"Actions speak louder than words; Trump Cyber Strategy at odds with reality"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img fetchpriority=\"high\" decoding=\"async\" width=\"225\" height=\"225\" src=\"https:\/\/lmntrix.com\/blog\/wp-content\/uploads\/2024\/09\/polling-1.webp\" alt=\"polling\" class=\"wp-image-1755\" style=\"width:565px;height:auto\" srcset=\"https:\/\/lmntrix.com\/blog\/wp-content\/uploads\/2024\/09\/polling-1.webp 225w, https:\/\/lmntrix.com\/blog\/wp-content\/uploads\/2024\/09\/polling-1-150x150.webp 150w\" sizes=\"(max-width: 225px) 100vw, 225px\" \/><figcaption class=\"wp-element-caption\">polling<\/figcaption><\/figure>\n<\/div>\n\n\n<p>When then-presidential candidate Donald Trump promised a comprehensive cybersecurity plan in 2016, it was pitched as a guard against the threat of cyber attacks on critical infrastructure \u2013 from power grids, to government agencies and election systems.<br><br>Now, with midterms around the corner, the <a href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2018\/09\/National-Cyber-Strategy.pdf\" target=\"_blank\" rel=\"noopener\">National Cyber Strategy<\/a> has been released but a number of actions illustrate a disconnect between the strategy\u2019s words and the administration\u2019s actions.&nbsp;<br><br>In March, the Office of Management and Budget <a href=\"https:\/\/www.wired.com\/story\/federal-government-cybersecurity-bleak\/\" target=\"_blank\" rel=\"noopener\">reported that 74 percent<\/a> of the 96 agencies it assessed were either \u201cAt Risk\u201d or \u201cHigh Risk\u201d of a security breach.&nbsp;<br><br>More recently, nearly 85 percent of cybersecurity professionals at the Black Hat security conference agreed <a href=\"https:\/\/www.lastline.com\/blog\/lastline-survey-results-show-the-industrys-bleak-security-outlook-on-the-upcoming-midterm-elections\/\" target=\"_blank\" rel=\"noopener\">cyberattacks on the midterms<\/a> were likely.&nbsp;<br><br>Despite this, the administration killed key cyber positions, repealed a directive to balance offensive cyber attacks, and refused additional funds for election systems around the country.<br><br>Whether this disregard is rooted in ignorance or is a more calculated form of neglect is yet to be seen, but the outcome is the same; critical systems are at risk.<br><br><strong>Musical Chairs&nbsp;<\/strong><br><br>Cybersecurity positions at the White House are a game of musical chairs &#8211; not so much because people\u2019s positions change, but because seats are removed from the game.&nbsp;<br><br>Cybersecurity czar Tom Bossert and coordinator Rob Joyce <a href=\"https:\/\/www.wired.com\/story\/white-house-cybersecurity-coordinator\/\" target=\"_blank\" rel=\"noopener\">were forced out<\/a> of the White House, with their responsibilities shifted to two National Security Council senior directors. The U.S. State Department has also left the position of <a href=\"https:\/\/www.wsj.com\/articles\/former-cyber-diplomat-says-u-s-cutback-sends-wrong-message-1536359303?mod=searchresults&amp;page=1&amp;pos=11\" target=\"_blank\" rel=\"noopener\">cyber ambassado<\/a>r unfilled.<br><br>Despite this, the National Cyber Strategy identifies \u201crefining roles and responsibilities\u201d as one of its priorities, calling for \u2018clarity\u2019 and \u2018coordination\u2019 of the roles of Federal agencies in addressing cyber threats to the U.S. &nbsp;<br><br><strong>Defending Democracy<\/strong><br><br>In mid-July, <a href=\"http:\/\/www.chicagotribune.com\/news\/nationworld\/politics\/ct-election-security-funding-russian-meddling-20180718-story.html\" target=\"_blank\" rel=\"noopener\">Congress excluded new funds<\/a> for improving election security from its spending bill. The funds would have added millions of dollars to help states improve voting systems and administer elections.&nbsp;<br><br>September\u2019s National Cyber Strategy highlights \u201cProtecting our Democracy\u201d as a priority, promising increased training and support for state and local government officials \u201cwhen requested\u201d.<br><br>Attacks against <a href=\"https:\/\/www.cbsnews.com\/news\/when-russian-hackers-targeted-the-u-s-election-infrastructure\/\" target=\"_blank\" rel=\"noopener\">voting infrastructure<\/a> have been confirmed, and the refusal to bolster already compromised infrastructure is &#8211; to put it mildly &#8211; concerning. One case, against the Illinois State Board of Elections, illustrates the level of vulnerability \u2013 asked about the Board\u2019s ability to defend itself, an executive characterized the fight as \u201cbows and arrows against the lightning\u201d.&nbsp;<br><br><strong>Leading with the Chin<\/strong><br><br>In August, President Trump reversed Presidential Policy Directive 20 (PPD-20). This laid out a complicated interagency process for deploying cyber weapons against adversaries.&nbsp;<br><br>Pulling back PPD-20 means the gloves are off and offensive cyber capabilities can be deployed more easily. The cyber strategy codifies this, giving agencies such as the NSA greater remit to conduct <a href=\"https:\/\/www.cnbc.com\/2018\/09\/21\/trump-cybersecurity-policy-offensive-hacking-nsa-russia-china.html\" target=\"_blank\" rel=\"noopener\">offensive cyber attacks<\/a>. &nbsp;<br><br>Certainly, revisiting how the U.S. should respond to threats is important, but the U.S. is not prepared to defend its key infrastructure from targeted cyberattacks. At its apparent state of readiness, conducting any kind of offensive cyber warfare would have severe repercussions, while the attacks against the U.S that are already succeeding will continue to succeed. As in boxing, if you keep your guard down it\u2019ll be a short bout \u2013 no matter how many haymakers you throw. &nbsp;<br><br>What we know is that the federal government has displayed an alarming lack of commitment to election security as a crucial midterm election approaches, even though it\u2019s been made plain that bad actors <a href=\"https:\/\/www.wired.com\/story\/midterm-elections-vulnerabilities-phishing-ddos\/\" target=\"_blank\" rel=\"noopener\">will attempt to breach or influence<\/a> those systems.<br><br>So now, with the midterm elections looming, the cyber strategy has all the right words, but no one seems to be singing them.&nbsp;<br><br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When then-presidential candidate Donald Trump promised a comprehensive cybersecurity plan in 2016, it was pitched as a guard against the threat of cyber attacks on critical infrastructure &ndash; from power grids, to government agencies and election systems. Now, with midterms around the corner, the National Cyber Strategy has been released but a number of actions [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1755,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1754","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1754","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/comments?post=1754"}],"version-history":[{"count":4,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1754\/revisions"}],"predecessor-version":[{"id":4139,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1754\/revisions\/4139"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media\/1755"}],"wp:attachment":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media?parent=1754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/categories?post=1754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/tags?post=1754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}