5 Questions For Cybersecurity Expert Bruce Schneier After the Latest White House Hacking
Democrats didn't need this: Another cyberattack on an unclassified White House computer network (and unconfirmed reports of Russian involvement) in the closing days of a midterm election in which voter frustration toward President Barack Obama, government dysfunction and national security fears already are hurting their chances of hanging onto control of the Senate.
Chinese hackers reportedly targeted White House staffers' Gmail accounts in 2011. The next year, Chinese hackers reportedly used spear phishing to break into an unclassified network of the White House Military Office. But the problem didn't start with Obama—attempted cyberattacks on the White House date at least to 2008, during George W. Bush's administration. And U.S. Cyber Command, the military arm formed to ward off against cyberattacks, was launched under his administration. So should Obama get blame, credit or sympathy for this modern problem?
For analysis, we turned to Bruce Schneier, chief technology officer at the cybersecurity firm Co3 Systems and a leading blogger on the topic. An edited transcript follows.
Do we know the number of hacking attempts on the White House?
I'm sure the White House is attacked thousands and tens of thousands of times a day ranging from random (unaffiliated hackers) to nation states. Welcome to the world. Successfully hacked? We do not know. I guarantee you that's classified.
How well is the administration doing in fending off hackers?
Metrics like that are really hard to come up with.... And, two, they're not going to tell you that number, not the White House, not WalMart, not the Chinese government. Presumably they're muddling through. We know from the [Edward] Snowden documents there are some top NSA programs that are cyber defense. We know there are things governments can do that corporations can't. We also know on the Internet today, attack is much easier than defense.
Would cyber-attacks against the White House affect your vote?
That makes freaking no sense. There are nutty people out there who say Republicans are better than Democrats (at cyber defense). But how does political affiliation affect network security? To me it's evidence of, we're doing a really great job. They didn't get anything. Nobody stole your money. Congratulations.
Does the prospect of Russian involvement strike you as important?
To me, it's not. U.S., China, Russia, UK, France, Israel engage in quite a lot of hacking on each other, and corporations on each others' territory. Some countries are doing it more. The U.S. is probably the worst offender in cyber-attacks out there.
Is there anything about the latest report that concerns you?
That answer is a 50-page answer. These aren't sound-bite things. I want to know everything. These reports tend to be so information-free. As as techie, I get no information from them, so I don't know what's real.