Dem party hack shows neither side is serious about cybersecurity

The news that the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC) and the Hillary Clinton Campaign were hacked — ostensibly by hackers associated with the Russian government — started trickling out just before the start of the Democratic convention. These developments could not have come at a worse time for the Democrats. The messy revelations stemming from these breaches threatened to upend the convention itself. They cost the DNC chairman her job and forced the resignation of the DNC's CEO.

All this sound and fury because a whole bunch of intemperately written emails were revealed to the public. These emails showed that the DNC was heavily skewed to support Clinton's presidential campaign over her primary rival, Sen. Bernie Sanders (Vt.). And there may be worse to come for the Democrats. If WikiLeaks — which somehow got its hands on these emails and other private data — fulfills its promise to release even more of them from any of these party organizations, we could be in for a whole new set of unwelcome surprises in the next 98 days.

But it's not just the Democrats who should be concerned about these breaches. This cyberattack has implications for every political group and, frankly, every organization in the U.S. From the Republicans to the Libertarians to the Greens, to your bank, our electric grid and your place of work, it's way past time for America to have a rational and informed discussion about cybersecurity.

When the internet was first developed, it was designed to foster communications between researchers. Security was, at best, an afterthought. Throughout the '80s, '90s and the 2000s, we built ever more capable systems, developed faster and faster processors, housed billions of terabytes of data, and placed our private and public lives increasingly online. We did much of this without really designing security into the software and hardware that was making all this possible. Few of us really thought much about internet security.

The first widely available security measures were anti-virus programs, designed to stop computer viruses and malware. Although many of these products became popular, they proved to be imperfect antidotes to the ever-increasing number of cyber threats consumers, governments and businesses were confronted with. One of the main shortcomings of products like these was that they were only as good as the last virus they were programmed to counter. In other words, they were incapable of adjusting to changes in the malware that was attacking our computer systems.

Hackers were smart enough to realize this; they watched the anti-virus companies develop their software, then they built malware that would not be recognized by the anti-virus software. In a basic sense, that is how hackers continue to get into systems that are supposedly "protected" from cyberattacks. But in a world in which as many as 1 million different malware variants are released into the "wild" every day, it's become very difficult to sustain the original anti-virus model.

Today, there are many other ways of protecting data besides "traditional" anti-virus programs. Unfortunately, many organizations don't make the effort to build the creative defenses that are necessary to protect themselves from pernicious and persistent cyber threats. As a start, organizations — including political parties — need to guard against phishing attacks, sanitize their email attachments, develop Data Loss Prevention strategies, guard against insider threats and encrypt their most critical data.

I know that very few organizations have undertaken these measures. Their failure to do so has the potential to cost us dearly. In fact, the direct and indirect costs associated with cyber crime and other forms of hacking may already top $2 trillion annually worldwide. And those costs do not include the damage to reputations and brands that have had their data stolen. That's a pretty high price to pay by anyone’s calculation.

What happened to the Democratic Party and the Clinton campaign can happen to any organization or individual. Just ask Target, Home Depot or Sony Pictures, to name just three of the thousands of businesses that have been hacked. As each of these organizations found out, cybersecurity is far too important to leave in the hands of a checklist-minded information technology (IT) staff. It requires the consistent attention of every organization's most senior leaders. Those senior leaders need to incentivize their IT and security teams, as well as their suppliers, to deploy the most effective cybersecurity solutions available.

The Democrats should have known that they would be the target of a hacking campaign. If initial assessments are proven correct, and Russia is indeed behind the hacks of these Democratic Party institutions, then we are confronted with the reality that state actors are not only targeting their governmental counterparts, but they are also targeting any and all organizations that could give them the insights they need to form their intelligence picture of the U.S. While it is sometimes good to ensure a hostile intelligence service understands exactly what your position on a given issue is, the decision to reveal such information should be part of a grand strategy, not a consequence of lax or haphazard security.

These hacks highlight the fact that our networks are significantly underprepared for the era of cyber conflict in which we currently find ourselves. Neither presidential campaign seems to fully appreciate this fact. On one side we have what sounded to many as an obtuse invitation to Russia to reveal some of the "take" from its hacking efforts; on the other, we have a candidate who tried to play "fast and loose" with legitimate computer security procedures by setting up an unauthorized private email server and then explaining it all with a series of patently false statements to the American people. Both candidates' lack of seriousness in this crucial area bodes ill for the future. It also draws into question whether or not America's election process itself is secure from hackers.

There is much we need to do to fix this. Tuesday, President Obama told the press that although we are prepared to respond to cyberattacks such as those levied against the Democrats, our legal framework has not caught up with current cybersecurity reality. It's also clear that we will continue to face technological challenges in this area. Innovation, modernization and creativity will help move us in the right direction. But, in order to do so, we must have the right governmental policies, the right laws, the right international treaties and the right mindset to create a more secure internet.

Very few political candidates are speaking about this issue. Wouldn't it be nice if the presidential candidates from both parties would start to talk about this issue with the seriousness it deserves?

Leighton is a retired career Air Force intelligence officer and is currently chairman of Cedric Leighton International Strategies.


The views expressed by contributors are their own and not the views of The Hill.