Charlie Mitchell is the author of the new book Cyber in the Age of Trump: The Unraveling of America's National Security Policy. He also has written Hacked: The Inside Story of America's Struggle to Secure Cyberspace. He is the editor and founder of the online news service Inside Cybersecurity, and he's based in Washington, D.C.
Q: Why did you decide to write Cyber in the Age of
Trump, and what do you see as Trump's overall attitude toward cybersecurity
issues?
A: Hi Deborah and thanks for hosting these Q&As –
I love reading them and am honored to participate for a second time!
I wanted to explore the constants and the disruptions
in the change from President Obama to President Trump in an area –
cybersecurity – that really poses existential threats to our country.
It’s been a mixed bag, as you can imagine: The Trump
administration adopted a lot of the Obama approach, which was a relief to many cyber
pros. But there have been fundamental changes and some are downright baffling.
Just a few examples: The Trump team jettisoned the one
White House position meant to coordinate cyber efforts across the government; their
approach to partnerships with allies has been a mess; and perhaps most notably,
this administration has been much more aggressive in the use of cyber offensive
weapons overseas.
The overall results are still to be determined, but I
see Trump’s term as a missed opportunity in cyberspace.
Trump’s overall attitude is an interesting question.
As a business person he could bring a valuable perspective to the cyber policy
dialogue. But he hasn’t done that.
The whole issue became hopelessly entangled, for him, with
the Russia hack of the 2016 election. That’s made it hard for his government to
absorb lessons because Trump seems to think any discussion of 2016 threatens
his own legitimacy as president. It doesn’t have to be that way, but that’s how
the president approaches issues.
This is a sequel to my 2016 book, Hacked: The Inside
Story of America’s Struggle to Secure Cyberspace, which explored the early days
of U.S. cyber policy, especially in the Obama years.
Q: In our previous Q&A, back in 2016, you said,
"I really enjoy covering the cyber issue because it is a fresh policy debate
and isn't as bogged down by the same old partisan splits or industry splits
that characterize policy making in so many other areas." Do you think it's
still less of a partisan issue now?
A: Cybersecurity still has a bipartisan aura, but it’s
an understatement to say that’s been strained over the past four years.
In Hacked, I described the relationship between the House
Intelligence Committee’s top Republican, Devin Nunes, and the top Democrat Adam
Schiff as one of the most productive partnerships in Congress when it came to
cybersecurity.
In Cyber in the Age of Trump, they become mortal
enemies, thanks to the intense partisanship around the Russia investigation.
But bipartisanship is clinging to life. The Senate Intelligence
Committee has examined the events of 2016 and is producing a series of reports
and recommendations without a hint of partisan strife. There have been
disagreements, to be sure, but this is a great example of lawmakers rising
above zero-sum politics. It still happens!
Q: How did you research this book, and did you learn
anything that especially surprised you?
A: The book came out of my daily reporting for
InsideCybersecurity.com, and then thinking through the context and implications
of the things I was seeing every day in the Trump administration, Congress and
around the world on cyber.
In stepping back to get a view of the whole, I was
struck by how cybersecurity is essentially a battle for the survival of
democracy. And it goes way beyond the debates over securing voting machines and
voter registration databases, as important as those are.
At one point I found myself asking whether cybersecurity
is just about credit card fraud and big companies dealing with their
liabilities. It’s not.
Cyber chaos undermines democracies in so many ways,
and it ultimately plays into the hands of tyrants who aren’t very interested in
the internet as a medium for the exchange of ideas, creating new economic
opportunities and advancing freedom.
Repressive governments see cybersecurity as a way to
clamp down on dissent and new ideas; democratic countries need to find a way to
secure the internet while embracing and promoting our values.
Q: What do you see looking ahead when it comes to cyber
issues?
A: I do see more partisan strain in the political arena,
unfortunately, and even more challenges coming in the security realm.
The Internet of Things – in which everything is connected
on the internet – is creating a vast new attack surface with ramifications way beyond
credit card theft.
We’re talking about interfering with airplanes and
driverless cars, knocking out electricity, even targeted attacks on heat or air
conditioning in homes, and much more. It’s real physical destruction and even
death.
There is a lot of chatter about this among security
pros, but the conversation needs to be elevated. This needs to be a national
dialogue, led by the president and leaders from every domain.
The coming vulnerabilities in IoT, the frightening advances
in cyber-attack tools and the ability to spoof and spread disinformation, plus
our political polarization, are adding up to a challenge unlike anything we’ve
faced before in our democracy.
Q: What are you working on now?
A: I’m mostly focused on the day-to-day, week-to-week
developments in cyberspace and how the policy pieces fit together to counter
the threats. There’s a lot of action to cover -- along with an emerging debate that
may pit security against freedom, privacy against convenience.
There are interesting proposals out there for a
whole-of-society response to the cyber challenge writ large, and I’m following
how they will be accepted or rejected by the body politic.
Q: Anything else we should know?
A: I want to give a shoutout to the talented,
dedicated people working on cybersecurity in government and the private sector,
and the individual researchers called “white hat hackers.” They all need
support and everyone can play a role.
Cybersecurity is only in part a technical issue. There
are amazing things going on in the technology sphere, and yet tech won’t answer
all of our cyber questions or solve all of our cyber problems.
Cyber is about privacy, civil liberties, economic decisions
and trying to build a social contract around these issues for the digital age.
We have a big challenge in front of us!
--Interview with Deborah Kalb. Here's a previous Q&A with Charlie Mitchell.