
COMMENTARY: How to Prevent a Cyber Attack and Protect Our Privacy

Two recent Congressional bills would force private tech companies, like Apple, to allow a back-door for law enforcement to assist after a crime. This is a reactive policy rather than being proactive about our cyber security and our personal privacy.

This month, Sen. Mike Rounds introduced a bill that requires the government to define the elements of a cyber-attack that constitute an “Act of War” against the United States. He and many others want to know: Would we go to war if one city’s electrical grid was shut down for a week? Would we go to war if our Air Traffic Control system was hacked? When is hacking an attack? This is a worthy discussion, and Sen. Rounds is right to ask that cyber-attacks constituting an “act of war” be formally documented and defined, but his legislation deals with after-the-fact responses rather than being proactive to prevent an attack.

Another bill, one co-sponsored by Sen. Feinstein, requires that encryption providers, like Apple, provide a back-door to law enforcement to assist in their after-the-fact investigations. Many people in government appear to be content to deal with attacks from a forensic point of view after an attack, wanting an additional investigative tool while seeming not to realize the devastating consequences for the rest of us. Virtually all privacy advocates and technology experts oppose the Feinstein bill, since a law that requires that the government have access to our cell phones, computers and internet activities is an outrageous overreach of government power. The Feinstein bill is also a national security catastrophe.

Supporters claim that back-door access for the government will help in terror investigations. It may, but a long list of national security experts from the security and intelligence communities oppose the Feinstein bill on national security grounds because it will do vastly more harm than good.

The way to stop cyber-attacks on our country (and against you and me personally) is to have strong encryption of both the devices we use and our information in transit across the internet. Strong encryption is the cornerstone of any sensible cybersecurity policy. If enemy forces cannot get access to the control systems of our critical infrastructure or our sensitive trade secrets, then a successful attack will not occur. This should be the focus of Senator Rounds’ cyber bill and Feinstein’s encryption bill. We need legislation that is proactive and focused on preventing cyber-attacks against our critical infrastructure as well as our personal data.

A Defense News Poll showed that cyber warfare is a bigger threat to the United States than terrorism. It’s time to take this threat seriously, be proactive, and elect representatives who understand the complexity of cyber security and can ensure the right kind of legislation is passed to prevent a cyber-attack and protect our privacy.

- Casey Lucius is a candidate for Congress and former intelligence officer and national security professor.

Comments

Dear Ms. Lucius,

Thank you for your insight and opinion regarding cyber security and personal privacy. I trust you are an expert based on your bona fides. 

As you are a Republican candidate for Congress, I noted that you did not attribute the bipartisan Burr-Feinstein bill to Senate Select Committee on Intelligence Chairman Richard Burr (R-N.C.) as well as Vice Chairman Dianne Feinstein (D-Calif.).

In addition, as you may know, the Burr-Feinstein bill was effectively stopped from advancing to become legislation according to recent reports in the press:

Draft legislation that Senators Richard Burr and Dianne Feinstein, the Republican and Democratic leaders of the Intelligence Committee, had circulated weeks ago likely will not be introduced this year and, even if it were, would stand no chance of advancing, the sources said.

Key among the problems was the lack of White House support for legislation in spite of a high-profile court showdown between the Justice Department and Apple Inc over the suspect iPhone, according to Congressional and Obama Administration officials and outside observers.

I agree that Americans should "elect representatives who understand the complexity of cyber security and can ensure the right kind of legislation is passed to prevent a cyber-attack and protect our privacy." That's exactly what the Obama administration did in this case. 

Based on Donald Trump's demonstrated capacity as the Republican party presumptive presidential candidate and standard-bearer, it seems dubious that even well-meaning Republicans like yourself and Senator Richard Burr would prove beneficial as expert informants to a reckless and reactive would-be despot and demagogue like Trump.

Below are recent links to articles from the national press that declare the Burr-Feinstein bill as a dead issue. 

http://www.zdnet.com/article/senate-bill-that-would-outlaw-encryption-an...

 

https://www.techdirt.com/articles/20160527/08343534565/burr-feinstein-an...

Mike, since you're making this a political issue I want to get it straight, you're taking on Trump because the White House opposes a bipartisan bill to protect all Americans and you're also a Clinton supporter on cyber-security issues?

Well, Hillary Clinton's not useless on cyber-security and government transparency, she can always serve as a bad example.

Perhaps you should read some news stories, I would start with the report from the Department of State Inspector General who flatly contradicts the repeated Clinton statements that she was allowed to use a private email server for official business and to store classified information.

You should stick to the issue of Medical Marijuana rather than the Democratic party line when it comes to Clinton's blatant and illegal attempts to hide her official communications from the public and the Freedom of Information Act and jeopardizing national security in the process.

Marty Richman

Marty,

Thanks for your interest in my commentary. I am honored that you think I'm making this a political issue, but the honor belongs to Ms. Lucius who is running for Congress and publishing her political opinion in Benito Link in an attempt to win over voters in San Benito County.

It is interesting that both Clinton and Trump suffer from unfavorable candidate ratings which is unprecedented in presidential politics. I am aware of the articles and news stories you cite about Clinton's email server issues. However, that doesn't mean Americans should vote for Trump-the-racist-misogynist-xenophobic-psychopathic president by default. And that's a problem the Republican party has at the moment. 

I'm not sure why you referred to my support of Medical Marijuana and advocacy for Prop 215 patients safe access to medicine rather than support the Democratic party line. The two issues are not necessarily mutually exclusive.

Investigations into allegations of illegalities supposedly committed by Clinton regarding her official communications as Secretary of State are ongoing. Until due process finds her guilty or culpable, you don't have the right to claim she is guilty of jeopardizing national security; but you are certainly entitled to your biased opinion. 

Mike, it is you who are off base - I read that article very carefully and Lucius did not mention Trump or even the presidency, you brought it up as the standard paranoia-based knee jerk reaction.  If you back Obama's putting the nation at risk of cyber-attack just say so, don't change the subject.

I'll repeat my question - "you're taking on Trump because the White House opposes a bipartisan bill to protect all Americans and you're also a Clinton supporter on cyber-security issues?"

Talk about the pot and the kettle.

She wrote:  "We need legislation that is proactive and focused on preventing cyber-attacks against our critical infrastructure as well as our personal data."   If you know anything about the actual vulnerabilities and if you could engage your intellect on the subject you would agree with that statement, rather than blindly  rejecting it.

I brought up your support of marijuana cultivation as a perfect example of the type of ad hominem attack that you had made, funny how fast you recognized it as off subject when it happened to you. Just curious, is there anything the Democratic Party feeds you that you won't swallow hook, line, and sinker?

The subject, in case you have forgotten it, was cyber-security, if we are doing ranting and guilt by association (Lucius and Trump) I'm justified in calling Hillary Clinton a rapist and sexual predator (Clinton and Clinton) and she is certainly a totally corrupt liar in her own right having convinced her husband to sell a Presidential Pardon to a fleeing federal fugitive Marc Rich (the only case in history), in exchange for fur coats and a house full of expensive furniture from his "ex-" wife.

 

I would not vote for Trump on a bet, but I would not vote for Hillary Clinton on ten bets.  She's a slimy, anti-constitution, corrupt, scheming, typical race-baiting left-wing radical.  The only good thing she ever did was risk her life ducking bullets at the airport - wait, that turned out to be another lie, didn't it?

The lady - and she's no lady - cannot be trusted.

Marty Richman

Submitted by (William McCarey) on

Very good article by Ms Lucius. I need to know how my Republican candidate thinks. After our backbencher retires (praise the Lord), I'd like to see someone represent this county who is capable of expressing loud opinions and getting dirt under her/his fingernails. Unfortunately the two bills she is touting do nothing. Rounds' bill is just bureaucratic rhetoric and Feinstein's bill makes it easier to hack into software by installing another backdoor.

Most cyber attacks occur because of laziness. Ever try to hack any site, much less a federal one? (Dear NSA, I never tried.) IMHO The weak point is the password to the root directory (or the password to the maintenance "backdoor"). Even with the fastest supercomputer in the world (Chinese, of course) at 32 quadrillion calculations per second, it would take 10e96 years to break a 66 character password. A twelve character password would take 59 minutes. How long is your password? (Mine will take a week.) I am guessing that the IRS p/w was pretty short. And it's just as easy to bribe a federal worker and use their p/w.

There are many ways around these weak passwords (throw away keypads, no access from one level in the directory to the next, multiple passwords, daily p/w changes, multiple unlinked servers and storage, no internet connection...or maybe just long p/ws.)

My yahoo email account has been hacked many times...not through my email but through the crappy passwords used by Yahoo to "protect" my account. Solution: no personal info is stored in my account. No contacts, no credit card numbers, no physical addresses, no links to other accounts, and p/w changed weekly, mail deleted frequently. The only way I know my account has been hacked is when I get a message from Candy wanting to share her porn pics or the Prince of Lagos with his latest banking dilemma.

I think the best legislation to cure all the federal hacks, is to automatically fire the chain of command in that particular organization. When Obama and/or Trump suddenly lose cabinet members, maybe they will pay attention to my data security.

Mr. McCarey, Ref. your comment, "The weak point is the password to the root directory" I would disagree, the weak point is that humans are involved in every phase of designing and protecting the systems.

I highly recommend the blog krebsonsecurity which regularly reports on all cyber-security issues.  In some cases, such as leaving trapdoor pre-loaded thumb drives begging to be "stolen" and plugged in just lying around the cafeteria it's inventive, in others like today's report CiCi's Pizza, it's just the same old con jobs -

"CiCi's Pizza, an American fast food business based in Coppell, Texas with more than 500 stores in 35 states, appears to be the latest restaurant chain to struggle with a credit card breach. It appears that hackers obtained access to card data at affected restaurants by posing as technical support specialists for the company's point-of-sale provider, and that multiple retailers have been targeted by this cybercrime gang."

In total ability to protect the information comes down to the weakest link whatever it is today.  OBTW, the government also had a raft of detailed personal history files of people who had applied for security clearances stolen within the past year.  Any security system that depends on questions such as "what was your Mother's maiden name" or "where were you married"  are useless.  That and a PIN was what the IRS depended on to clear last year's identity theft re-filings; so they were taken AGAIN by the same thieves.

Marty Richman
