If Trump Wants to Make Cyber Great Again, He Needs to Do His Homework

When Donald Trump discusses cyberspace, it’s with the assured belligerence of a man who appears to know very little about it.

Asked in a recent interview whether he supported the development and fielding of cyberweapons, Trump flatly declared, “Yes. I am a fan of the future, and cyber is the future.”

That statement came in an interview with the New York Times and in the context of a discussion about the United States’ treaty obligations to its Baltic NATO allies, countries that Trump said he would not necessarily defend against a hypothetical Russian invasion unless they increased their defense spending.

These countries, especially Estonia, have come already under cyberattack from Russia, prompting the Times‘s David Sanger to ask the presumptive GOP nominee about his view of this new frontier in warfare. “We’re under cyberattack, forget about them,” Trump said, steering the conversation back towards the United States. “We don’t even know where it’s coming from.”

As with many of Trump’s comments on cyberspace, his statements to the Times indicate a candidate that appears to not be too well-versed in the complexities and dangers of digital warfare.

When he says that he is a “fan of the future” and that cyber represents it, Trump casually endorses the use of cyberweaponry. That class of weapons is unique — along with nuclear missiles in bombs — in requiring presidential approval authorizing their use.

The use of cyberweapons under international law remains highly unsettled, and states’ deployment of them today is likely to set precedent for their future use. Experts caution that their use can carry with them unintended consequences and fallout.

Perhaps Trump really has given sober thought to how he would use these weapons, but his statements on the issue indicate otherwise. He has, for example, described America’s capabilities in cyberspace as “obsolete,” a characterization that doesn’t quite square with the fact that the National Security Agency has pioneered the use of digital weapons and is widely thought to be the best in the world at breaking and entering computer systems. Hackers at the NSA, working together with their Israeli counterparts, hacked into the Iranian nuclear facility at Natanz in 2007 and succeeded in sabotaging centrifuges used to enrich uranium, temporarily slowing Tehran’s nuclear push.

That operation utilized a computer program dubbed “Stuxnet.” Computer experts consider it the most advanced computer virus ever designed. Nonetheless, Trump insists that America’s capabilities in cyberspace lag those of its adversaries.

It’s a line that makes for good politics, but doesn’t quite match reality, just as when Trump declared to the Times that the United States doesn’t know where cyberattacks come from.

In response, Sanger mused philosophically, “Some days we do, and some days we don’t.” That’s a rather elegant summation of what cybersecurity experts describe as the “attribution problem.” Cyberspace provides a great deal of cover for hackers to carry out attacks; one reason why states like to act against their adversaries online is that they are more easily able to mask their identity. A missile attack or troop incursion cannot provide the same level of anonymity.

But it is not true that the United States does not know who is hacking its systems — especially when it comes to more advanced attacks. When hackers made off with millions of records from the Office of Personnel Management, U.S. officials fairly quickly determined that Chinese operatives had carried out the the theft as an act of espionage. When hackers infiltrated the servers of Sony Pictures, Washington revealed that North Korea had attacked the studio in retaliation for its unflattering portrayal of Kim Jong Un in the film The Interview.

In the Sony case, the White House felt comfortable blaming North Korea because the NSA had penetrated Pyongyang’s computer networks. Call it what you will, but breaking into the computer systems of one of the world’s most isolated and secretive countries is no small task. And it certainly doesn’t point toward “obsolete” American capabilities.

Nonetheless, authorities still face significant obstacles in tracking down the perpetrators of low-level cybercrime. The capability to, for example, swipe user credentials or hack into a company database is a common one, and the hackers motivated to do so are legion.

By contrast, few actors have the ability to carry out advanced, coordinated attacks. So when one happens, means and motive will usually provide investigators with a pretty good idea of who was responsible.

It is perhaps too much to ask of Trump to understand these fairly technical aspects of cyber warfare. His campaign website includes a single reference to cyber issues: “We will enforce stronger protections against Chinese hackers and counterfeit goods and our responses to Chinese theft will be swift, robust, and unequivocal,” his website reads.

Trump’s scattered positions on the issue include a call to “closing” parts of the internet in response to the Islamic State’s successful propaganda effort to recruit followers and inspire attacks. Experts said that argument evinced a fundamental misunderstanding of how the internet works. Trump has also called for a boycott of Apple, in response to that company’s refusal to undermine its own security features in order to grant the FBI access to the encrypted contents of an iPhone belonging to one of the San Bernardino gunmen. He has called for Edward Snowden’s execution.

Trump’s opponent for the fall, Hillary Clinton, has struck a middle ground on these issues. She has called on Washington and Silicon Valley to collaborate in finding a solution to how the government can access encrypted data while preserving security. (Technical experts argue such a compromise solution does not exist.) Cyberspace only rates a mention on her website in the context of a discussion about Beijing: that she will “press China to play by the rules — including in cyberspace, on currency, human rights, trade, territorial disputes, and climate change.”

But Clinton has so far avoided attacking Trump on issues of cybersecurity, perhaps because she senses her own vulnerability on the issue. Her candidacy was, after all, nearly torpedoed by her decision to set up a private email server, a decision that security experts believe was a total disaster.

 Spencer Platt/Getty Images