This morning, a group of MIT researchers released a set of eight key cybersecurity recommendations for President Trump, titled, "Keeping America Safe: Toward More Secure Networks For Critical Sectors." The report was published by MIT’s Internet Policy Research Initiative in conjunction with MIT’s Center for International Studies.
It looks at the potential vulnerabilities in American infrastructure, from communications to energy to banking. They urge President Trump to make cybersecurity a pressing issue not just within the federal government, but to include the private sector.
The principal author of the 50-page report is Joel Brenner.
Joel Brenner, former inspector general of the National Security Agency and head of U.S. Counterintelligence in the Office of the Director of National Intelligence, and currently a senior research fellow at the MIT Center for International Studies, which tweets @mit_cis.
On the cybersecurity threat to the U.S.
"It's very, very serious. We know that sophisticated attackers can take down the systems that power our electric grid, pipelines, railways switches, banks and so on. They have the means to do so today.
"And what's particularly troublesome is the likelihood that transnational terrorists and criminal organizations could also achieve the capacity to do that. I don't think they have yet. There's a certain deterrent effect among the large nation states, since if you try to do it to us we could presumably do it to you as well or probably a lot better. But you can't deter transnational terrorist organizations or criminal organizations that way. And so I think this is a problem that's getting worse, not better. "
On his recommendations to the White House
"We've suggested raising the profile of what has been called the cybersecurity coordinator in the White House and making that person a deputy national security adviser. But then there are other certain things that won't be done right away but need immediate attention.
Let me give you an example. We've concluded that critical infrastructure cannot be made more reasonably secure unless certain elements of those networks are removed from the public internet.
It used to be, a generation ago, if you wanted to get to the control on the switch on an Amtrak or a rail line, you had to go into a locked room that only the engineer could get into. Same thing if you wanted to get into the controls on an electric transmitting station. These controls were meant to be physically locked up. We've made them electronic now, we've digitized them and that's not likely to change. We haven't recommended a change. But we have recommended that those parts of critical networks ought to be isolated from the public network ... you can have digital networks that aren't publicly accessible."
On how he's hoping different parts of the government will work together
"We recommend that the secretaries of Homeland Security, Defense and Energy get together to create a market for more secure hardware and software for the critical infrastructure ...
"[For example,] right now, the computer chip in a control on a pipeline valve is probably the same chip in your kid's computer or in a game that's being played. Probably has 2 million lines of code in it, all in order to control a valve that is either open or shut or somewhere in between. Now, we know how to make simpler controls which are less vulnerable ... But there isn't a market for that stuff."
On his conversations with the White House
"We're really hopeful that they will see our report as complementary to what they're doing. After 25 years of saying a lot and doing nothing on critical infrastructure, we can't let this infrastructure get short shrift again."
On if it will take a large scale attack to show people how vulnerable we are
"I confess I have had the same thoughts. Let's just hope that if something bad happens, it's bad enough to make us change our ways and not bad enough to cause us horrible, horrible problems. When Americans really wake up and decide to do something, nobody is better at it. But getting our attention for something that's beyond our private, good or bad is difficult. And that's the dilemma we've got now."
This segment aired on March 28, 2017.