After an election where charges flew that foreign powers used cyber-tactics to try and help him get elected, Donald Trump is apparently focused on shoring up America’s cybersecurity.
Mr. Trump’s four-part cybersecurity plan calls for a full security audit of all federal government computer systems, mainly to protect the U.S. Defense Department from hacking.
While that sounds like an admirable goal, in practice it may result in Mr. Trump’s first collision with the fact that even a President can’t get really, really complicated things done with the simple wave of a hand.
The audit, which is supposed to occur immediately, will involve a review of “all America’s cyber defenses and vulnerabilities, including critical infrastructure.” It will be done by a not-yet formed team of auditors culled from military, law enforcement and private sector experts.
The two problems with this concept are:
- A lot of auditing is already being done by individual departments. And as a result, there have been almost no successful hacks of systems at the truly critical agencies like CIA, NSA and the Defense Intelligence Agency.
- The level of security is, on purpose, different in various government departments. It’s not necessarily desirable to apply a single standard across the board when some government information is supposed to be more public.
Mr. Trump’s plan could be a good idea, at a time when cyber-attacks are on the rise. But it’s will be a huge job, and one can’t help but worry if it will suffer from the corporate mentality it seems to arise from. Companies that put in “uber” management boards to clean up or invigorate multiple divisions often sink in a sea of turf and expertise conflicts.
Most interestingly, perhaps, is that Trump’s intense focus on cyber security may lead us to answer some questions that have been hanging there for several years: How will America conduct a cyber-retaliation or cyber-war if we deem it necessary? What kind of cyber-attack actually constitutes an act of war?