Democracy itself is at risk from cyberattacks, 40,000 security professionals at the world's largest cybersecurity event have been told.
Michael McCaul, chairman of the House of Representatives homeland security committee, says he has no doubt the Russian government will interfere with US elections in the future, having done so at the recent presidential poll .
Speaking told the RSA conference, he said: “The threat is worse than just espionage. Our democracy itself is at risk. Last year, there’s no doubt in my mind that the Russian government tried to undermine and influence our elections. They broke into political institutions, invaded the privacy of private citizens, spread false propaganda. They created discord in the lead-up to an historic vote.”
Mr McCaul said he had been briefed on the situation. “Frankly it didn’t matter to me whether it was Democrats or Republicans being targeted; these were Americans first in the crosshairs of the Kremlin and to me that was unacceptable.”
The Texas Republican said last year he believed Democratic presidential candidate Hillary Clinton’s alleged exposure of potentially sensitive information to multiple hacks by foreign actors amounted to “treason”.
Speaking at the Moscone Center in San Francisco on Tuesday, he said he had pushed both the Obama administration and then presidential candidate Donald Trump to take "public and forceful stands" on the issue but he had been disappointed in their responses.
“The crisis was the biggest wake-up call yet that cyberintrusions have the potential to jeopardise the very fabric of our republic.”
Mr McCaul said the government was “in the fight of our digital lives and we are not winning”.
The threat data to stop many intrusions was available but sharing was still far too weak, he said. As a result the vast majority of cyber attacks went unreported, leaving others open to the same intrusions.
Citing Russian and Chinese hacking, he said it was clear to him that adversaries were turning digital and overtaking defences.
“Nation states are using cyber tools to steal our country’s secrets and to copy our intellectual property.”
Hackers were also snatching financial data and locking down access to medical records.
Terrorists were abusing encryption and social media to “crowdsource the murder of innocent people”. Web-based warfare was becoming “incredibly personal”, he said.
The combatants were everywhere and the phones in our pockets were the battle space.
There was a new generation of terrorist, recruiting over the internet and using virtual safe havens to escape detection and force their propaganda on a global internet scale, Mr McCaul said.
Partly as a result, there was an unprecedented spike in terror plotting against the west. He noted the “brutal” attacks on Paris and Brussels as tragic reminders of how terrorists stayed under the radar by using end-to-end encryption on their phones to cover their tracks.
“At the same time, we must resist the temptation to go after encryption with simple, knee-jerk responses.”
To applause, he said he believed creating backdoors into secure platforms would be a “huge mistake”. It would put personal data at risk and leave companies open to intrusion, he said.
While there was no direct reference to president Donald Trump’s so-called “Muslim ban”, a number of the speakers referred to the need for diversity and the reliance of the industry on talent from all over the world.
Beacon of hope
Mr McCaul said he was proud that the US was beacon of hope to people in all corners of the globe who seek to create, collaborate and innovate. “But in light of recent events in Washington, I know there’s deep concern in this room about whether US policies will continue to welcome that international talent.”
Mr McCaul said we should never forget the US was a country built by immigrants. “This is a nation where the oppressed have long sought refuge and our country is a magnet for creators and entrepreneurs who are willing to take risk and pursue their dreams. The United States must maintain that tradition, not only for our country’s credibility, but for the survival of liberty itself.
The RSA conference has more than 550 exhibitors, 600 speaking sessions and 40,000 attendees. Actor John Lithgow opened the event with a rousing address about a "hacked planet" and how the earth might look without cybersecurity.
“The world is a much better place with you in it,” he told the packed conference centre.
Dr Zulfikar Ramzan, chief technology officer of RSA, told the attendees they needed to focus on drawing connections between different fields and to focus on what he called "business-driven security". Security was not a technology problem, it was a business problem, he said.
Innovation invited exploitation, he said. But we were fighting against human ingenuity, which was a powerful thing.
Among the other keynote speakers was Brad Smith, president and chief legal officer of Microsoft, who said governments now needed to come together to create a "digital Geneva convention" under which nation states would pledge not to engage in attacks on the internet. It would create an industry which even in an age of nationalism was a "neutral, digital Switzerland" on which everyone could rely.
Mr Smith also noted the key role played by immigrants in the sector. He said Microsoft in Washington state had employees from some 157 countries and was not unique.