Why aren’t we treating cybersecurity as an election issue?
The Harris-Trump debate has come and gone. Now the fight is over who won and who lost.
For my money, it was the American people who lost, because many of the critical issues facing the country received no mention at all.
It is one thing to talk about problems and then do nothing about them, or to change positions once in office; it is another thing entirely to ignore issues like the country’s gargantuan debt, the global disaster that could be ignited if China invades Taiwan, and the massive insecurity of cyberspace, where we now spend much of our lives.
Talking heads have been babbling about the first two of these issues for some time. So let’s focus on cyberthreats.
Is it possible that the candidates had not heard about the cyberattack on the Port of Seattle and the Seattle-Tacoma International Airport just a few weeks before the debate? Could they have misunderstood its significance? That attack was likely only a limited dress-rehearsal, but it still crippled flight reader boards, disabled Wi-Fi, shut down baggage delivery and caused the cancelation or delay more than 400 flights.
Considering the recent global CrowdStrike software debacle, the moderators and the candidates should have given these events some attention and discussed the possibility of a future cyber Armageddon.
The reality is that there are now two cyberspaces. One has changed the quality of our social and business lives for the better in innumerable ways. The other has become the breeding ground for a polluted ecosystem where criminals, hackers and adversarial nations take advantage of everyone from small children to governments with little chance of being caught. Even relative novices can engage in global money laundering, human trafficking, weapons distribution, drug smuggling, terrorist financing and the proliferation of child sexual abuse material.
Andy Greenberg’s description of the takedown of the Silk Road and Welcome to Video websites in his recent book “Tracers in the Dark” is extraordinarily revealing. It took several years and law enforcement agents from a variety of countries to find one man living in South Korea who reportedly operated the Welcome to Video site. The single server that he maintained in the basement reportedly housed 250,000 videos of children as young as one year old being abused. Cyberspace exponentially changes the scale of the damage that can be done by evil people.
Reasonable people neither go without locks on their doors, want to live in cities without police, nor seek to disband armies that guard their countries' borders. Yet that is exactly our situation whenever we are online. Governments are incapable of fixing this problem, and many businesses have no incentive to get serious about it as long as the losses that they incur from cyberattacks continue to be dwarfed by the profits they make from online activities.
The revelations of the 2016 election and the threats to children have seemed to finally have spurred government authorities to take action. In early September, the Department of Justice announced the seizure of 32 internet domains used in Russian government-directed foreign malign influence campaigns to spread Russian propaganda designed to influence voters in U.S. and foreign elections, including the U.S. 2024 presidential election. The attorney general of California recently penned a letter to the CEOs of Alphabet, Meta, Microsoft, OpenAI, Reddit, TikTok, X and YouTube cautioning them to work harder to protect voters from “deception, intimidation, and dissuasion.”
But authorities are playing a futile game of catch up. They are already late to the party, and evolving forms of artificial intelligence, quantum computing and nano technologies will only increase the scale of our online vulnerability, putting our lives, liberty and pursuit of happiness in jeopardy.
There are private-sector gating and pseudo oversight organizations in cyberspace, but they are toothless when it comes to creating online security. Cyberspace demands a new, cooperative form of regulation. Governments must get much smarter about technology; at the same time, they must insert less of themselves into the process so that the public understands that it can’t rely on a false veneer of government oversight. There are no cyber police, and no 1-800 number to call when your money disappears.
The Cyber Safety Review Board established as a result of a 2021 presidential executive order is an example of what the future of regulation should look like. The board consists of both government and private-sector officials and executives who jointly investigate and render conclusions and recommendations about major cyber events. Such collaboration is the only way to bridge the knowledge gap between the private sector and the government.
We have wasted 30 years watching governments fumble the football, only to find ourselves still stuck at the five-yard line. Online technology has nurtured some of the largest companies the world has ever seen, and yet we are farther from internet security than we have ever been.
Criminals, hackers and rogue nations know that this election will have no impact on the insecurity of the internet that they take advantage of every minute of the day. Shame on our leaders for allowing this threat to grow so large. Shame on us for not demanding answers to threats that can take our money, limit our mobility, eliminate our freedom, and even end our lives in the blink of an eye.
Once again, we are the losers. The debate proved it.
Thomas P. Vartanian is executive director of the Financial Technology & Cybersecurity Center, and the author of “The Unhackable Internet.”