PORTLAND, Ore. - August 11, 2016 - Tripwire today announced the results of a survey of over 220 information security professionals who attended Black Hat USA 2016on July 30-August 4, 2016.
Tripwire's opinion-based survey assessed how cyber security issues were impacting the current U.S. presidential election. When asked if cyber criminals were influencing the outcome of the upcoming election, nearly two-thirds (sixty-three percent) of the respondents said, "yes."
The FBI is currently investigating a high-profile breach of the Democratic National Committee’s computer network after its email content surfaced online. Security experts believe Russia may have orchestrated the hack to influence the outcome of the presidential election. Additionally, Andrés Sepúlveda, a political hacker connected with manipulating elections across Latin America, said he was "100 percent sure" the U.S. presidential campaign was being tampered with in a controversial March interview with Bloomberg.
"This is an unprecedented moment in both politics and information security," said Tim Erlin, director of IT security and risk strategy for Tripwire. "A foreign power possibly influencing the U.S. presidential election through electronic means is a game changer for information security professionals. While these survey results aren't surprising, they are very important. We're seeing a significant shift in the role that information security plays on the global stage. While the DNC attack is the most visible, it's not the first incident. We've been building up to this type of event for a number of years."
Additional findings from the survey included:
• Eighty-two percent of the respondents believe state-sponsored attacks on elections should be considered acts of cyber war.
• The 2016 Republican Party platform states that victims of cyber attacks should have "a self defense right" to retaliate. Just over half of the respondents (fifty-five percent) believe this policy would improve national or global cyber security.
• Only ten percent of the respondents consider nation-state attacks to be one of the top two security threats their organizations face.
"In addition to considering nation-state cyber attacks to be an act of war, respondents favor an organization's right to strike back," said Dwayne Melancon, chief technology officer and vice president of research and development for Tripwire. "These two positions have one thing in common: a high margin for error. Attribution of cyber attacks is very difficult. For example, investigations sometimes discover that attacks appearing to come from other countries actually have a command and control base in the U.S., and vice versa. If a cyber attack escalates into war or retribution, you'd better be certain of its origin."
Erlin continued, "While it's clear that the majority of respondents believe state-sponsored attacks are an act of cyber war, there's little consensus on what an appropriate response should be. It's time for the conversation to move beyond true and false to defining an appropriate cyber war response."