By Joseph Marks
President Trump on Capitol Hill in Washington on Jan. 9. (Melina Mara/The Washington Post)
That partisan divide on basic cybersecurity questions is a troubling signal that government’s handling of an issue officials have called a greater threat than terrorism will be hampered by the sort of partisan bickering that has bedeviled health care, immigration and other topics, experts said.
A whopping 87 percent of Democrats believe a hostile power will tamper with U.S. elections compared with 66 percent of Republicans. And just 47 percent of Democrats believe the U.S. government is prepared to deal with a major cyberattack according to Pew, compared with 61 percent of Republicans.
“It’s really strange that election security is becoming a partisan issue, but it is,” Peter Singer, a senior fellow at the New America think tank who has written extensively about cybersecurity, told me.
The partisan divide isn’t just clear in opinion polling: Democrats are turning election security into a top-tier policy issue. Singer pointed to the new House Democratic majority’s decision to include a lengthy section on election security in its first piece of major legislation, the For the People Act, which also tackled issues such as voter access and campaign finance restructuring, which were aimed squarely at jabbing Republicans.
That’s a shift from before the 2016 election, when Republican and Democratic legislators generally agreed about the broad cyberthreat despite squabbling -- both across the aisle, and within each party-- about some related issues, such as the proper balance between security and privacy.
That’s a shift from before the 2016 election, when Republican and Democratic legislators generally agreed that hacking posed a major national security threat that required a surge of effort by both government and industry. Political cyber disputes back then generally focused on the balance between privacy and security and cut across party lines, pitting civil libertarians against security hawks in each party.
The partisan divide among citizens on cybersecurity has been creeping up for years, including before Trump's election.
A poll conducted before the 2018 midterms by the Associated Press-NORC Center for Public Affairs Research and the University of Chicago found only 39 percent of Republicans were “very concerned” about election hacking vs. 58 percent of Democrats. Yet polling showed the inverse when Democrats were in charge: The same poll conducted in 2016 while Barack Obama was president found Republicans were more concerned than Democrats by a margin of 52 percent to 35 percent. That poll was conducted by the AP center alone.
“It’s not hard to tell a story there about people who were happy with the last election so they’re not worried about the issue, and people who were unhappy with the election, so they say it’s a big problem,” Anthony Fowler, a University of Chicago assistant professor of public policy who worked on the survey, told me.
That partisan shift between the Obama and Trump presidencies also isn’t unique to cybersecurity. Pew polled Americans about their confidence in government’s ability to manage a dozen different topics in October 2015 and December 2017, and found a partisan flip in every category.
Some of the topics were ones Democrats and Republican generally disagree on, such as immigration and environmental protection, but others were largely nonpartisan, such as infrastructure improvements and ensuring safe food and medicine.
In some ways it’s unsurprising that people will see cybersecurity through a partisan lens during hyperpartisan times.
“There is a wish among many people, especially those in the security world (not just cybersecurity) that concern over security stops at the water’s edge, [but] voters don’t behave that way,” Charles Stewart III, an MIT political science professor, told me in an email.
That may be even more true for issues such as cybersecurity where citizens often have limited specialized knowledge of their own and so are more likely to rely on what they hear from politicians, said Stewart, who also has done research on citizens’ election security views.
It’s also possible, however, that people’s partisan responses in surveys don’t reflect their beliefs if you dig a little deeper, Fowler told me. He cited 2015 research that found Republicans and Democrats were more likely to label factual statements as true or false if they helped their party but that the partisan division disappeared if the respondents were given cash incentives to answer correctly. The respondents still may not know that deficits shrank during the Clinton presidency, for example, but Republicans were no more likely than Democrats to incorrectly label that statement as false.
Given that evidence, it’s possible that Republican and Democratic citizens agree much more about cybersecurity than they seem to, Fowler said.
“I do think some of it might just be cheerleading,” he said. “There’s certainly some of the: ‘I’m a Democrat, so I must say I don’t trust Trump, even if I do think it’s good the federal government is doing what they’re doing.’ ”
|You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.|
|Not a regular subscriber?|
PINGED: As the partial government shutdown drags on, examples of the harm that the lapse in funding is causing to U.S. cybersecurity efforts continue to accumulate. CyberScoop's Greg Otto reported that a career fair for the CyberCorps: Scholarship for Service program in Maryland this week was a stark reminder of the shutdown. Agencies with an emphasis on cybersecurity including the National Institute of Standards and Technology, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency and the State Department were represented only by empty booths, Otto noted.
NEW: Earlier this week, I went to an OPM-run job fair for students who are obligated to find cybersecurity jobs in the US government. A number of those agencies couldn't show up due to the shutdown. It was an interesting scene. https://t.co/tnQ1kcXUdz— Greg Otto (@gregotto) January 9, 2019
On Capitol Hill, Rep. Robin L. Kelly (D-Ill.) said the shutdown will hamper the federal government's ability to recruit IT professionals in the long run. “How can we ever hope to recruit or maintain IT talent when hardworking government workers are told: ‘sorry, you aren’t getting paid, but you still need to come to work’ or ‘sorry, but no paycheck this week because of politics?’” Kelly said in a statement. “Large private sector companies never say this to their employees and these are our competitors when it comes to IT talent recruitment.”
The Brooklyn Federal Courthouse where the trial of Mexican drug lord Joaquín Archivaldo Guzmán Loera, also known al “El Chapo,” takes place on Jan. 9. (Johannes Eisele/AFP/Getty Images)
Prosecutors presented text messages between Guzmán and his wife and mistresses, the New York Daily News's Molly Crane-Newman and Nancy Dillon reported. Guzmán had ordered that spyware be installed onto the devices. “When the turncoat techie told investigators about the FlexiSPY software Chapo was using, they retrieved the messages through a subpoena, FBI agent Stephen Marston testified,” the Daily News reported.
From the New York Times's Alan Feuer:
The only thing more astonishing than these marital messages is how the government got them.— Alan Feuer (@alanfeuer) January 9, 2019
Turns out, Chapo was using Flexi-spy spyware to monitor Emma's phone. The IT guy installed it. He told the FBI. The FBI subpoenaed Flexi-Spy.
Chapo's texts w/his wife.
Hands type on a computer keyboard in Los Angeles on Feb. 27, 2013. (Damian Dovarganes/AP)
“Exploiting these messenger platforms sidesteps many of ISIS’s security concerns and allows the group to take advantage of tech companies’ existing audiences,” according to Katz. “Apps like RocketChat and Viber further enable ISIS media workers to curate, tailor, upload, and disseminate content more effectively from their phones or computers.”
Supporters of the extremist group are also posting content on Discord, a messaging app for gamers organized in “servers” containing multiple text and voice channels. One of those servers “has featured official ISIS media, Telegram links, and commentary about the group’s operations and strategy,” Katz wrote.
— Deputy Attorney General Rod J. Rosenstein, who appointed Robert S. Mueller III to direct the investigation into Russian interference in the past U.S. presidential election, expects to leave the Justice Department if a new attorney general is confirmed, The Washington Post's Matt Zapotosky and Devlin Barrett reported. “Rosenstein’s expected departure — whenever it occurs — will probably spark fears about the future of the Mueller probe, though even now Rosenstein is not technically in charge of it,” my colleagues wrote. “Rosenstein appointed Mueller to investigate whether the president's campaign had coordinated with the Kremlin because then-Attorney General Jeff Sessions recused himself from the matter.”
— Former National Security Agency contractor Harold T. Martin III is accused of taking home at least 50 terabytes of data — including hacking tools — without authorization, but no public evidence has suggested that he was the source of the Shadow Brokers, a group that U.S. intelligence believes is linked to Russian intelligence and released NSA hacking tools in 2016, The Post's Ellen Nakashima reported. “Martin, who is in plea negotiations over charges of willful retention of national defense information and theft of government property, is not facing accusations that he transmitted classified material to any unauthorized recipient,” my colleague wrote. Martin is set to go on trial in June.
— More cybersecurity news from the public sector:
German Interior Minister Horst Seehofer speaks during a news conference in Berlin on Jan. 8. (Fabrizio Bensch/Reuters)
— Norwegian Justice Minister Tor Mikkel Wara said Norway is considering whether to block Chinese telecommunications giant Huawei from building part of the country's 5G network, according to Reuters's Gwladys Fouche. “We share the same concerns as the United States and Britain and that is espionage on private and state actors in Norway,” Wara said. Officials in Washington have said Huawei represents a threat to U.S. national security.
Tore Orderloekken, cyber security officer at Huawei Norway, defended the company's equipment. “We will continue to be open and transparent and offer extended testing and verification of our equipment to prove that we can deliver secure products in the 5G network in Norway,” Orderloekken told Reuters.
— More cybersecurity news from abroad:
- The Brookings Institution hosts a discussion titled “How China and the U.S. are advancing artificial intelligence” on Jan. 14.
- The Center for Strategic and International Studies hosts a discussion on the Justice Department's responses to cyber threats on Jan. 15.
Cable news had some thoughts on Trump's border wall speech:
One mother's struggle as the shutdown grinds on:
Just a few weird tech products we saw at CES 2019:
Source: The Washington Post