President-elect Donald Trump plans to consult “the greatest computer minds” for input on bolstering U.S. hacking defenses, as experts say an overhaul to the country’s cybersecurity is badly needed.
“We’re going to put those minds together, and we’re going to form a defense,” Trump said in a Wednesday press conference.
Trump made the statement as he said Russia, China and other parties continue to launch cyber attacks against the U.S. In recent weeks, he’s also been confronting claims that the Kremlin used hacks and online propaganda in a covert campaign to tilt the election in his favor.
“Within 90 days (after taking office), we will be coming up with a major report on hacking defense,” Trump said.
It’s unclear who Trump will consult with, but he is making contacts in the tech industry. Last month, he met with leaders from Apple, Microsoft, Cisco and other companies.
Experts hope Trump can shake up the U.S. approach to cybersecurity. So far, the government hasn’t done enough to address the problem, said Steven Chabinsky, a partner with law firm White and Case who is a former deputy assistant director with the FBI’s cyber division.
“I think each administration from (Bill) Clinton has hoped that the market would take care of this cybersecurity problem,” Chabinsky said. But right now, consumers and companies are all on the front lines of cybersecurity, often times fending for themselves, he said.
Outgoing President Barack Obama has taken some steps that might provide a path for Trump to follow. Chabinsky was a member of an Obama-backed, non-partisan commission that came up with recommendations last month on how to improve the country’s cyber defenses.
Among the recommendations was to train more cybersecurity experts, replace usernames and passwords with more secure alternatives, and develop a rating system for technology products so consumers can judge which are safer to use.
There’s plenty more a Trump presidency can consider, Chabinsky said. For one thing, Chabinsky recommends that the U.S. take 10 percent of its annual $600 billion defense budget and devote it to cyber defense.
He believes the U.S. should be researching and paying for ways to stop hackers at the heart of the internet’s infrastructure, where data is transmitted by internet service providers, before their attacks can reach victims.
“Instead of taking advantage of a common ability to clean up at the source, we expect every single one of the billions of users to be responsible and the billions of devices to end up being secure,” he said. “That I think is a fool’s errand.”
The state of cybersecurity in the U.S. has always been very poor, said Chris Pogue, CISO at security provider Nuix. He’s hopeful that the Trump administration will recruit experts with actual computer knowledge and hands-on experience with hacking to bolster the country’s defenses.
For too long, the White House has turned to lawyers and business executives on security, he said. Meanwhile, hackers have been able to breach networks through weak passwords, outdated operating systems and malicious emails, and all these attacks could have been prevented, he said.
“I don’t expect Trump to be a cybersecurity expert,” Pogue said. “But I expect him to get the right people in to do the job and to empower them on the strategy.”
U.S. government agencies, such as the Office of Personnel Management, have also been hacked in recent years, highlighting the need for Trump to bring in better expertise, Pogue said.
“Heads are going to roll, but are we going to continue on the same path or are we going to fix it?” he asked. “I hope we choose the latter.”