Trump’s Plan for Cyberwar

In a meandering, 100-minute-long telephone interview with The New York Times last week, Donald Trump elaborated on some of the bold and belligerent foreign-policy prescriptions he’s hinted at in the past.

He touched on nuclear weapons, spying and the fight against ISIS, bringing his tried-and-true “we’re losing” doom and gloom to each topic. His proclamations of decline seem to be designed to support what he said outright on Twitter last week, after a bombing in Pakistan killed dozens and injured hundreds: “I alone can solve.”

When confronted with a question about cyberwarfare, Trump leaned on the same tactics, while displaying a profound unfamiliarity with the issue.

David Sanger, one of the two Times journalists interviewing Trump, asked the candidate if the U.S. should use cyberweapons as an alternative to conventional weapons or nukes, and if so, how often.

Trump said he didn’t think cyberweapons are an alternative to nuclear weapons “in terms of ultimate power.” He tacked back to discussing nukes—“I will tell you, I would very much not want to be the first one to use them, that I can say”—until Sanger asked him again how he would use the U.S. cyber-arsenal as president.

And that’s when the Trump kicked into full woe-is-us mode. Here’s his answer, in full:

First off, we’re so obsolete in cyber. We’re the ones that sort of were very much involved with the creation, but we’re so obsolete, we just seem to be toyed with by so many different countries, already. And we don’t know who’s doing what. We don’t know who’s got the power, who’s got that capability, some people say it’s China, some people say it’s Russia. But certainly cyber has to be a, you know, certainly cyber has to be in our thought process, very strongly in our thought process. Inconceivable that, inconceivable the power of cyber. But as you say, you can take out, you can take out, you can make countries nonfunctioning with a strong use of cyber. I don’t think we’re there. I don’t think we’re as advanced as other countries are, and I think you probably would agree with that. I don’t think we’re advanced, I think we’re going backwards in so many different ways. I think we’re going backwards with our military. I certainly don’t think we are, we move forward with cyber, but other countries are moving forward at a much more rapid pace. We are frankly not being led very well in terms of the protection of this country.

Trump appears to be making three points here: first, that the U.S. is “obsolete in cyber”; second, that the U.S. can’t even tell where attacks are coming from; and third, that “the power of cyber” is “inconceivable” and should figure “very strongly in our thought process.”

That latter point is hard to argue with. Cyberweapons are indeed mind-bending: Look no further than Stuxnet, a U.S. and Israeli cyberattack that caused Iranian nuclear centrifuges to spin out of control and destroy themselves. It was a landmark moment for state-on-state cyberattacks.

But his first two points are, as far as conventional wisdom goes, far wide of the mark. The U.S. is in fact believed to have the most powerful arsenal of cyberweapons of any country. Its specific capabilities are a closely guarded secret, but the government is likely hoarding knowledge of vulnerabilities and security flaws that it could use to inflict damage on other countries’ computer systems—sort of like a reserve of warheads ready to be deployed.

And while attributing cyberattacks to a country or an individual is indeed one of the more difficult aspects of cyberwarfare—far trickier than figuring out where a missile was fired from, for example—the U.S. has gotten pretty good at it. Soon after Sony Pictures Entertainment became the victim of a massive hack in 2014, for example, U.S. officials pointed fingers at North Korea. The government was able to come to that conclusion because it had been spying on North Korean networks since 2010, The New York Times reported.

More recently, the Justice Department has embarked on a name-and-shame campaign, bringing public charges against foreign state-sponsored hackers who attack U.S. government and private-sector computers. It began in 2014, when the department placed five members of China’s People’s Liberation Army on a list of most-wanted cybercriminals for stealing trade secrets. In the past two weeks, two Syrians and seven Iranians have been charged and added to the list.

When Trump bemoans an “outdated” the U.S. cyber-arsenal, he might be thinking instead of the sorry state of America’s cyber-defenses. Its shortcomings were made incredibly clear by the Chinese attack on Office of Personnel Management servers in 2015, when hackers gained access to the private information of 22 million people. Numerous other attacks on government systems and email servers have proved the government’s difficulty keeping digital information safe.

Trump certainly isn’t the only presidential candidate without a meaningful cybersecurity and cyberwar platform. A Wired summary of the contenders’ positions showed that all of them have painted their positions in very broad strokes, if they’ve even taken one.

But whoever takes over the Oval Office in 2017 will be handed more than just the country’s nuclear codes. The next high-stakes raid may not involve an elite team of Navy Seals, but rather hinge on vulnerabilities in an enemy’s computer code—so presidential hopefuls had better start wrapping their head around the “inconceivable power of cyber.”