Trump and his cyber ‘czar’ Giuliani want to outsource US cybersecurity. Can you guess where-to?
I was going to write about this myself, but then I realised that an article about this already existed on Ars Technica, so I will simply present it here without preamble:
Ars Technica UK, ‘Giuliani announces he’ll be Trump’s czar for the cyber thing’, 12 Jan 2017 (emphasis added):
Former NY mayor tells Fox that private industry will solve cybersecurity for the US.
On Fox News’ morning show Fox & Friends, former mayor (and frequent proxy for Donald Trump) Rudy Giuliani announced that he would be coordinating a cybersecurity advisory group for the Trump administration.
Giuliani’s bona fides for this role apparently spring from his time as chair of the “Cybersecurity, Privacy and Crisis Management Practice” at the New York law firm Greenberg Traurig, a position he assumed a year ago. However, it’s not clear that Giuliani has ever had any direct experience in cybersecurity law or policy. Giuliani previously was a partner in a Houston-based international law firm Bracewell (formerly Bracewell & Giuliani) for over 10 years, and he ran his own security consulting firm based on his mayoral experience and credibility from New York City’s measures taken after the September 11, 2001 terror attack. But Giuliani is really counting on private industry to provide all the answers.
“The President-elect decided that he wanted to bring in on a regular basis the private sector—the corporate leaders in particular and thought leaders in particular for cyber, because we’re so far behind,” said Giuliani. “And it’s his belief which I share, that a lot of the solutions are out there, we’re just not sharing them. It’s like cancer—there’s cancer research going on all over the place. You’d almost wish they’d all get together in one room, and maybe they’d find a cure.”
Giuliani said he believes that industry will have to lead an answer to cybersecurity rather than government. “That’s where we have the great creativity and we have the huge amount of money, and that’s where we have these great companies, the greatest in the world,” Giuliani said this morning. “So the idea here is to bring together corporate leaders and their technological people. The president will meet with them on an ongoing basis, as well as anyone else in the administration… I’ll coordinate the whole thing.”
The goal appears to be a one-way flow of information from industry to the government. “Number one, it’ll give the government all the information available in the private sector,” Giuliani explained. “Number two, it’ll form a little more connection between these people who are doing cybersecurity so they can work with each other. Some of these people, you put one and two together, you’re going to come up with six.”
Much of the private sector already shares information with each other, so it’s not really clear what benefit other than presidential face time corporate executives and “technological people” will get out of this proposed arrangement. The financial industry, for example, has the Financial Services Information Sharing and Analysis Center; the auto, aviation, telecommunications, health, retail, and transportation industries, among others, all have their own organizations as well.
Previously, there have been efforts, including the Cybersecurity Information Sharing Act of 2015, to encourage an exchange of information between government and industry. And the Obama administration made attempts to foster other industries to form information sharing and analysis organizations (ISAOs) through the Department of Homeland Security’s National Cybersecurity and Communications Integration Center. That administration also encouraged information sharing standards.
It’s not clear what roles any ISAOs will have in this new cybersecurity body, or even who the “thought leaders” Giuliani wants to participate will be. But Giuliani apparently wants to include foreign cybersecurity firms, including some from Israel. “They have tremendous cyberdefense research,” he said this morning. “We don’t get access to that over here.”
This post originated on Ars Technica
So there’s that. Apparently Rudy Giuliani knows just enough about cybersecurity to try to delineate precisely what it is and where it begins and ends, but not enough to know that IO, EW and ‘CW’ exist along a long gradient and that outsourcing a government’s cybersecurity to a foreign state’s supposedly ‘private’ companies, is a really bad idea because all the things on the gradient actually cannot be disentangled from each other.
The fact that the Trump administration would allow any input from Israel on this issue, is enabled because they have been able to take advantage of the mandate handed to them by their apparently desperate supporters, to such an extent that they have been able to now embark on reversing even the most reasonable policies of the Obama administration. The Trump administration is continually signalling that the US after 20 Jan 2017 will be trusting Israel to a degree that is unprecedented in American history.
Basically they are handing over what can only be described as a critical institutional chokepoint in the cyber domain, to Israel.