Cyber security and the 2016 American elections

If there is one thing we did not take away from this disastrous election season, it is a harsh lesson in cyber security. From Hillary Clinton’s private e-mail server to the DNC hacks to the hacked e-mails of John Podesta, former chairman of the Hillary campaign, published by Wikileaks, they all have one thing in common.

The politicisation of Hillary Clinton’s e-mail server and the rather shocking revelations of the hacks themselves drew away the focus on what was obvious to some: these controversies illustrate a larger problem in the infrastructure and security of the U.S. government.

Hillary Clinton wasn’t the first one to use a private e-mail server. Both Colin Powell and Condoleezza Rice, both Secretaries of State under George G.W. Bush, received information later deemed as classified on personal accounts. In 8 years, the George G.W. Bush administration exchanged 22 million White House e-mails via private servers, documents that were later deleted instead of archived. Later an undetermined number have been recovered but not yet released to the public.

The DNC and the Clinton campaign are not the only organisations that have been hacked in these last years. The State Department, the White House, the Office of Personnel Management (OPS),the United States Postal Service (USPS), the National Oceanic and Atmospheric Administration (NOAA) have all been hacked.

In 2007, Estonia experienced a major cyber attack on its digital infrastructure: major banks, government websites and newspapers all went down. In 2015 it was the German government that got hacked. Earlier this year the Belgium government was ‘plagued’ by cyber attacks.

Some intrusions were more successful than others, but in some cases the hackers acquired personal information of civilians, including social security numbers, addresses and fingerprints.

The DDoS (distributed denial of service) attack last October left multiple websites dysfunctional, including Airbnb, GithHub, Netflix, the New York Times, PayPal, Twitter, Vox, and Reddit. This was one of the largest denial of service attacks ever orchestrated, and it tells a worrying story about our structural vulnerabilities in the digital age.

Now, all of these governments have cyber security experts working on their resilience against such attacks. The old-fashioned approach of damming off networks and scanning the information transfer of this network in real-time is not viable anymore. There is too much traffic and not enough computational power. There are several techniques one could employ, however, most cyber security contingency plans assume a successful hack will take place in the future. It’s taken as a fact of life.

Cyber security is a relatively new field and it is lacking a lot of firepower to combat the people who test the system securities. It’s fighting the tide: whenever a virus or a botnet or a DDoS attack gets shut down another one comes along and takes its place. As we’ve seen with Hillary Clinton’s private e-mail server, the security policies are not in place or are not well implemented. Regardless of whose responsibility it was, the security threat was there and has been for decades as Hillary’s predecessors were not different than her in these respects.

The Internet of Things, the inter-networking of physical devices embedded in electronics, software, and sensors comprise the digital infrastructure of the information societies we live in. Everything is connected. This also means that everything is vulnerable. Our digital infrastructure controls our actual infrastructure: bridges, floodgates, sewer systems, traffic lights, everything.

This is not meant as an alarmist article. However, it is important for you to realise that this is the backdrop on which we are having one of the most important debates of this century. Namely, the trade-offs between transparency, security, and privacy.

You are right to be worried about the Clinton e-mails and the hacked DNC files. They did influence the American election. The people who provided these files to you did not have your best interests at heart, but rather acted in accordance with their own political agenda. If you think that this does not bode well for the democratic process, your concern is shared with a lot of cyber security experts.

The bombshell CIA report released earlier is pointing at Russian involvement in the American elections, which is frankly extremely alarming. It is not the first report implicating Russia or Russia-backed groups in attempting to influence foreign political processes. The vulnerabilities of our systems have left us with great security risks previously unappreciated.

This is not the time to think lightly of these issues. We have to become vigilant about how these threats influence our public discourse. How (hacked) information steers public debate. This concerns you as a citizen and you as an individual.

My final point is: inform yourself. It probably won’t get as bad as the paranoia doomsayers are suggesting, but don’t be so naive to think you got nothing to hide and nothing to lose. You do. Privacy is a fundamental right, and so are open and transparent democratic processes. We stand to lose both.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s