If you were paying attention to the American Presidential race (and let’s face it everyone has), you would have undoubtedly come across the allegations of hacks and data leaks. Most prominent was the allegation that state sponsored hackers from Russia mounted several successful cyberattacks on both major parties. Neither of which was confirmed to the public, but the mere mention of it sent both parties and their constituents into a frenzy. While these actions may come as news to some people, the use of cyberattacks to influence politics is nothing new. However, what this election did do is push the topic into the spotlight.
The fact that the alleged hackers originated from Russia also got people talking. It is no secret that Russia has not been on good terms with the United States, but the uptick in nationalist sentiment everywhere amplified the situation. It is also no secret that state sponsored hackers have been utilized by various countries in the past, but this election basically stated it as a matter of factly, or is that bigly? The question is now whether this will become the new reality? While state sponsored hackers be utilized out in the open like digital soldiers? And what does it mean for the enemies or targets of the state?
The alleged hacks targeted federal, commercial and personal servers. This poses several questions surrounding IT security. Government systems are supposed to be near impregnable, yet these hacks are supposedly occurring. If government systems stood no chance then what hope is there for corporate or personal systems? Before answering that question it is good to take a quick look at the security and system set ups of many government entities. Like a massive company these federal entities operate on a budget and timeline. Groups and departments must submit budget forecasts and must fight for the approval. These purchasing cycles can take years (the average in most cases is 3 to 5 years) for new systems to go from an idea to a purchase order. Hackers in the meantime have no such restrictions and can improve their systems and attack vectors at will, in fact it is one of their most effective tools to bypass the slug-like movement of large federal departments and corporations alike. On top of this, large entities like corporations and governments literally have dozens of departments that do not necessarily talk to one another. This makes coordinating some sort of defense against cyberattacks frustratingly, and unnecessarily difficult.
If the use of cyberwarfare in politics is to be the new norm, then the practices of large companies and government need to be adjusted accordingly. It may seem like a tall order, but these entities need to be more agile and proactive in their defense of their IT systems. Attacks can and will happen, in this day and age it is an inevitability, therefore planning for such an event is not only a good thing to do, but mandatory. Shortening purchase cycles and decreasing the amount of red tape that security departments must navigate through to get things done should also be made into a priority.
Article by David Share