How To Make Cybersecurity Great Again: Guidance For President-Elect Donald Trump

As Brian Krebs reported, “It remains unclear whether Republicans and Democrats can patch things up after a bruising and divisive election, but thanks to a special Election Day Patch Tuesday hundreds of millions of Adobe and Microsoft users have some more immediate patching to do.”

His article goes on to state how the regularly scheduled round of patches from Microsoft fell on election day this year, and this leaves us wondering if system administrators will remember that patching their systems is important and cannot be diverted from their responsibilities because they were up too late (as were many of us) watching the results of the election.

I heard a saying that goes something like this:

“We have to be right every time, but our adversaries only have to be right once.”

And no matter how you take this statement, to me, this means that we need to be vigilant in our efforts to keep systems secure, because leaving the door open even once to hackers and malware can lead to devastating effects.

So...

Are you feverishly working to patch your systems today with the latest patches available from vendors such as Microsoft and Adobe?

Or are you spending your time unfriending people on social media sites since they voted for someone that you don’t approve of?

What do you think the hackers are doing today?

You can be sure that they are trying to find new ways to break into the unpatched systems that are out there, and unfortunately, there remain many systems in use in today’s IT world that haven’t been patched in months and maybe even years!

“It remains unclear whether Republicans and Democrats can patch things up after a bruising and divisive election, but thanks to a special Election Day Patch Tuesday hundreds of millions of Adobe and Microsoft users have some more immediate patching to do.”

My guidance for President-elect Donald Trump is to spend some time assessing our nation’s “state of cybersecurity” and then take some real calculated measures to provide funding, support, and stronger regulations for businesses that handle any type of personal, health or financial data.

Obviously, this is a big ask, but I know it can be done.

We currently have several regulations such as HIPAA, PCI, FERPA, and others, that try their best to protect data handled by businesses, but as we all know by now, PCI is about the only one that really has “teeth.” It’s going to take the fear of not being allowed to conduct business anymore and/or the fear of some people losing their jobs (go ahead – say it… ‘you’re fired!’) for some companies (including the government) to really start to take cybersecurity measures more seriously.

Make America Great Again

President-elect Trump promises to “make our country great again.” One way to do this is to secure our data from foreign hackers, and to impose severe penalties via sanctions for countries that are found to help and support hackers.

Another way to rebuild our country is to put our veterans to work and to ensure that we allow research and development to thrive in our country in the areas of cybersecurity. We need to get more young people interested in cybersecurity and not just so they can think that they can one day become “hackers.” We need to teach our youth that protecting critical assets from cyberthreats is of the utmost importance to national security, and who better than the commander-in-chief to deliver that message?

It’s also time that we get some real standards in place for the technology needed to properly protect our infrastructure from the threats of tomorrow. Gone are the days where you can run a computer or server without anti-virus software, so why not make it a law that all PCs and related devices (including mobile phones, tablets, etc.) must either come preinstalled with next generation anti-virus, or that the consumer or corporate entity running that device must install anti-virus software and keep it up to date?

Why not do something for operating systems and third-party application patches?

We see Microsoft moving to a model where once per month they will release a set of patches that automatically install, and I think that is great.

How about firewalls?

Why aren’t firewalls a mandatory requirement in order to be allowed to connect to the internet, and for businesses that don’t have a dedicated security operations team of a certain size (depends on the company size), it should be mandatory that they outsource the monitoring and management of that firewall to a vendor who does this all day, every day.

And finally – what about those logs?

What I mean are the logs from computers, servers, network devices, firewalls, etc. Why aren’t there requirements that these be sent to a secure storage location for archival purposes, and consumed by a SIEM system with automated threat intelligence feeding the alerts and responses to any cyberthreats found?

Sure what I am proposing may sound very futuristic and maybe even a bit unrealistic, but what are our options? And if this year’s Presidential election has taught us anything, it’s that anything is possible!

President-elect Donald Trump also demonstrated an unwavering determinism and drive to achieve what appeared to be an un-winnable goal with all odds stacked against him.

In the cybersecurity race so too must Mr. Trump demonstrate strong leadership to help drive new and strong regulations and oversight that makes cybersecurity measures a requirement, not an afterthought.

The need to protect our digital assets and our critical infrastructure has never been more acute to ensure a cyber-secure transition and that our systems and data is safe for years to come.

  • Key takeaways from the presidential debate on cybersecurity.

    September 28, 2016

    ​The presidential debate, as entertaining as it was for many, was a great place to hear about the focus needed on cybersecurity issues in this country. Both candidates were asked the following question on the topic of cybersecurity in the U.S...

    Read More
  • Why is patching important to the security of your business?

    May 31, 2016

    If you are not keeping up with regular patching of your computer and the programs that run on it – then you are simply asking for trouble. Many of the breaches that make the news are caused by holes in software for which a patch existed by the vendor.

    Read More
  • State Sponsored Hacking – More Than an Issue for Sony

    January 14, 2015

    We live in a brave new world where the spies of yesteryear, like James Bond and Jason Bourne, are truly falling away into the realm of fantasy, replaced instead with hackers, doing battle on the digital front.

    Read More