President Trump’s executive order on cybersecurity is a “great start” for strengthening the protection of computer systems, but much more could be achieved with international regulation, cyber security expert Gary Miliefsky told Radio Sputnik.
On Thursday, US President Donald Trump signed an executive order aimed at strengthening the cybersecurity of federal networks and critical infrastructure.
The order has three sections: cybersecurity of federal networks, cybersecurity of critical infrastructure, and cybersecurity for the nation.
Cyber security expert Gary Miliefsky, a founding member of the US Department of Homeland Security, told Radio Sputnik that the order is a good start to better cyber protection, including better protection of infrastructure such as power networks.
“Section two [of the order] is power and other areas where we’re worried, if someone were to breach and take out the electricity or transportation etc. We do need to beef that up, that’s an old-world technology area.”
“All that equipment is moving to what’s called TCP/IP, the internet, and it needs to be secured and hardened.”
Improving cyber security is a long-term process that “isn’t going to happen overnight,” Miliefsky said.
“I think it’s going to be multiple years of constant vigilant improvement and measurement to see that it’s happening. One way to measure that is to go to a website called ‘privacyrights.org’ and you’ll see how many breaches have happened in America and how many records we’ve lost. This could happen anywhere in the world, if the banking system is doing great in America, you’ll notice a lot of banks are getting attacked.”
Miliefsky said that better regulation of manufacturing is needed to produce “smart” gadgets which are still safe from cyber-attack. In addition, governments worldwide could come together and form an agreement regarding cyber-warfare.
“The manufacturers of the equipment we’re using are not building them with security by design, these are weak devices, easily exploited. It’s going to take an effort both in the government and the industry to ensure that the word ‘smart’ should also mean ‘secure,’ by design.”
While the new order is a “great start” toward stronger cyber security, it will take time and money to be effective. The efforts are complicated by the desire of some government intelligence agencies for weak internet security.
“One of the challenges we have is to find a balance between worldwide government agencies spying on everybody, and us having hardened, solid products that work well and are designed with security from the beginning. We’ve got that challenge that needs to be overcome in the government and that’s not part of this proposal so to me needs to be the next conversation.”
“There’s no moratorium on cyber-warfare, there’s no Geneva Convention. If all major countries – Russia, India, Brazil, China, the US, Ukraine, Iran and North Korea, back down from attacking each other quietly and work out some convention [because] there is cyber warfare going on every day – we will overcome these challenges.”
“[There is] so much rampant, zero-day malware in the wild, much developed by nation-states. So there needs to be a form of ‘hey, let’s get together and work something out,’” Miliefsky said.