Charlie Mitchell is the author of the new book Cyber in the Age of Trump: The Unraveling of America's National Security Policy. He also has written Hacked: The Inside Story of America's Struggle to Secure Cyberspace. He is the editor and founder of the online news service Inside Cybersecurity, and he's based in Washington, D.C.
Q: Why did you decide to write Cyber in the Age of Trump, and what do you see as Trump's overall attitude toward cybersecurity issues?
A: Hi Deborah and thanks for hosting these Q&As – I love reading them and am honored to participate for a second time!
I wanted to explore the constants and the disruptions in the change from President Obama to President Trump in an area – cybersecurity – that really poses existential threats to our country.
It’s been a mixed bag, as you can imagine: The Trump administration adopted a lot of the Obama approach, which was a relief to many cyber pros. But there have been fundamental changes and some are downright baffling.
Just a few examples: The Trump team jettisoned the one White House position meant to coordinate cyber efforts across the government; their approach to partnerships with allies has been a mess; and perhaps most notably, this administration has been much more aggressive in the use of cyber offensive weapons overseas.
The overall results are still to be determined, but I see Trump’s term as a missed opportunity in cyberspace.
Trump’s overall attitude is an interesting question. As a business person he could bring a valuable perspective to the cyber policy dialogue. But he hasn’t done that.
The whole issue became hopelessly entangled, for him, with the Russia hack of the 2016 election. That’s made it hard for his government to absorb lessons because Trump seems to think any discussion of 2016 threatens his own legitimacy as president. It doesn’t have to be that way, but that’s how the president approaches issues.
This is a sequel to my 2016 book, Hacked: The Inside Story of America’s Struggle to Secure Cyberspace, which explored the early days of U.S. cyber policy, especially in the Obama years.
Q: In our previous Q&A, back in 2016, you said, "I really enjoy covering the cyber issue because it is a fresh policy debate and isn't as bogged down by the same old partisan splits or industry splits that characterize policy making in so many other areas." Do you think it's still less of a partisan issue now?
A: Cybersecurity still has a bipartisan aura, but it’s an understatement to say that’s been strained over the past four years.
In Hacked, I described the relationship between the House Intelligence Committee’s top Republican, Devin Nunes, and the top Democrat Adam Schiff as one of the most productive partnerships in Congress when it came to cybersecurity.
In Cyber in the Age of Trump, they become mortal enemies, thanks to the intense partisanship around the Russia investigation.
But bipartisanship is clinging to life. The Senate Intelligence Committee has examined the events of 2016 and is producing a series of reports and recommendations without a hint of partisan strife. There have been disagreements, to be sure, but this is a great example of lawmakers rising above zero-sum politics. It still happens!
Q: How did you research this book, and did you learn anything that especially surprised you?
A: The book came out of my daily reporting for InsideCybersecurity.com, and then thinking through the context and implications of the things I was seeing every day in the Trump administration, Congress and around the world on cyber.
In stepping back to get a view of the whole, I was struck by how cybersecurity is essentially a battle for the survival of democracy. And it goes way beyond the debates over securing voting machines and voter registration databases, as important as those are.
At one point I found myself asking whether cybersecurity is just about credit card fraud and big companies dealing with their liabilities. It’s not.
Cyber chaos undermines democracies in so many ways, and it ultimately plays into the hands of tyrants who aren’t very interested in the internet as a medium for the exchange of ideas, creating new economic opportunities and advancing freedom.
Repressive governments see cybersecurity as a way to clamp down on dissent and new ideas; democratic countries need to find a way to secure the internet while embracing and promoting our values.
Q: What do you see looking ahead when it comes to cyber issues?
A: I do see more partisan strain in the political arena, unfortunately, and even more challenges coming in the security realm.
The Internet of Things – in which everything is connected on the internet – is creating a vast new attack surface with ramifications way beyond credit card theft.
We’re talking about interfering with airplanes and driverless cars, knocking out electricity, even targeted attacks on heat or air conditioning in homes, and much more. It’s real physical destruction and even death.
There is a lot of chatter about this among security pros, but the conversation needs to be elevated. This needs to be a national dialogue, led by the president and leaders from every domain.
The coming vulnerabilities in IoT, the frightening advances in cyber-attack tools and the ability to spoof and spread disinformation, plus our political polarization, are adding up to a challenge unlike anything we’ve faced before in our democracy.
Q: What are you working on now?
A: I’m mostly focused on the day-to-day, week-to-week developments in cyberspace and how the policy pieces fit together to counter the threats. There’s a lot of action to cover -- along with an emerging debate that may pit security against freedom, privacy against convenience.
There are interesting proposals out there for a whole-of-society response to the cyber challenge writ large, and I’m following how they will be accepted or rejected by the body politic.
Q: Anything else we should know?
A: I want to give a shoutout to the talented, dedicated people working on cybersecurity in government and the private sector, and the individual researchers called “white hat hackers.” They all need support and everyone can play a role.
Cybersecurity is only in part a technical issue. There are amazing things going on in the technology sphere, and yet tech won’t answer all of our cyber questions or solve all of our cyber problems.
Cyber is about privacy, civil liberties, economic decisions and trying to build a social contract around these issues for the digital age.
We have a big challenge in front of us!
--Interview with Deborah Kalb. Here's a previous Q&A with Charlie Mitchell.