A cyber-warfare expert speaking at the South by Southwest conference over the weekend warned attendees that a significant number of high-ranking government officials know very little about cyber-security, and can’t even answer basic questions about email and internet service.
The Center for 21st Century Security & Intelligence Director Dr. Peter W. Singer cited several government policy legislators – many of whom decide on tech policy issues – that have yet to even adopt email as a communication method.
“Don’t laugh, but I just don’t use email at all,” former Homeland Security head Janet Napolitano told Singer. “It wasn’t a fear of privacy or security – it’s because she just didn’t think it was useful,” Singer recalled in a Guardian report.
A Supreme Court justice responsible for voting on issues from National Security Agency legality to net neutrality told Singer “I haven’t got round to email yet.”
Another U.S. representative asked Singer what an “ISP” was before embarking on cyber-security negotiations with China.
“That’s like going to negotiate with the Soviets and not knowing what ‘ICBM’ means,” Singer said. “And I’ve had similar experiences with officials from the UK, China and Abu Dhabi.”
During the G20 Summit numerous diplomats opened a widespread fishing email with a link to nude photos of former French first lady Carla Bruni-Sarkozy, and subsequently infected their computers with spyware.
Even President Obama admitted to being concerned that the complexity of tech issues threatened to overwhelm policy makers.
That poses a huge risk to a world with 30 trillion websites, 40 trillion annual emails, nine new pieces of malware every second and 97 percent of Fortune 500 companies admitting they’ve been hacked, with the remaining 3 percent unwilling to admit it according to Singer.
The director cited Pentagon briefings in 2012 that mentioned the word “cyber” 12 times – a number that has already increased to 147 times in 2014 alone, along with a recent Pew research study that found Americans are more afraid cyber-attacks than Iran, North Korea, climate change, China and Russia.
“Cybersecurity is crucial, and as intimate to your life as your bank account,” Singer said. “It’s treated as an area only for IT folk, and the technical community that understands the hardware and software but not the wetware – the human side.”
Adopting basic “control measures” could stop 90 percent of all cyber attacks in the U.S. according to Singer, who said secure networks were most frequently and successfully hacked by “candy drops” – when employees pick up and plug in infected flash drives strategically dropped by hackers in parking lots outside of installations.
“Ben Franklin said an ounce of prevention is worth a pound of cure,” Singer said. “The Centre for Disease Control and Prevention says that is true of public health but it is also true of cyber-security… very basic cyber hygiene would go an very long way.”