Charlie Rose Talks About Putin and Cyberwar
Former National Security Adviser Tom Donilon and retired IBM CEO Sam Palmisano, leaders of the national cybersecurity commission, discuss Russia’s role in the presidential election and the path to a safer digital future.
Tom, as national security adviser you dealt with Putin. You have the president calling for an investigation. What’s going on?
Donilon: First of all, the investigations are fully appropriate at this point. Last spring and summer you had private-sector organizations saying that entities that had a long association with the Russian intelligence services were responsible for hacking into the Democratic National Committee. Then you had an extraordinary thing happen in October: The director of national intelligence, General Jim Clapper, announced that the Russian Federation, directed from the government itself, was involved in hacking related to the election. You had Mike Rogers, head of NSA, say that you had a country—and it was clearly Russia—that had tried to interfere in the election to try to get specific effects. This is information warfare. It’s part of a broader kind of confrontation that we’re having with Putin’s Russia.
Do the motives of the Russians matter more here? Or is it their ability to hack into important places?
Donilon: We’re not debating that it was necessary to the outcome of the election here. We’ve had an election, we’re going to go forward. But it is important, as Sam said, for the country to know what the vulnerabilities were here from a technical perspective. And it’s important from a strategic perspective to know whether or not the Russian Federation, at Vladimir Putin’s direction or the direction of his senior people, tried to interfere in the election.
How does this compare to recent Chinese hacking?
Donilon: I want to separate out the two cases. One case is state-sponsored, cyber-enabled theft of intellectual and other property. China has interest because they want to be a large e-commerce country. It’s another thing if it turns out to be the case here that a foreign power engages in theft of information and then uses the information for warfare purposes, Charlie, as to have an effect in the real world.
What does your commission recommend? How do you stop this?
Palmisano: There are some things that can be done immediately, as far as establishing a collaborative initiative between the private sector and the public sector around things like identity management. So, making it harder for them to identify or hack you. Then, the internet of things: how to make those cameras, sensors—whatever—more secure so that whether you have a thermostat in your house or use a Fitbit, they’re more secure and the standards exist and security is designed in on Day One. Address those two things first: how they get access to us as individuals who are sloppy with our passwords or through those devices no one associates as being computers.
My impression is that large companies are hit all the time by hackers. Is that fair to say?
Palmisano: But they’re better at [security]. Financial services—with as much focus as hackers put on financial services—probably is the best. Technology companies are also extremely good. But then you have to put the banks right up there with them. They’re very, very good. Our vulnerability is the midsize companies. They have to adopt the same standards that the large guys already have.
How do you keep the internet of things from becoming a way in for hackers?
Palmisano: Think about the energy star. When there was a big focus on energy several years ago, there was a star on [efficient] electronic devices. We’ll have a cyber star. When you, as a consumer, purchase a software product or a device with this star, you at least know that it competes at some level of the standard of security. The incentives are interesting. We’ve debated this at length in the commission. It should be market-driven, vs. heavily regulated, because this stuff moves too fast.
Watch Charlie Rose on Bloomberg TV weeknights at 7 p.m. and 10 p.m. ET