Donald Trump’s muddled stance on hacking has disturbed security experts at time when the tech industry is looking for clarity on the U.S.'s cyber policy.
On Wednesday, the outspoken presidential candidate seemed to call on Russia to break into rival Hillary Clinton’s email system.
“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” Trump said, referring to emails Clinton had deleted from a private email server. On Thursday, he walked back his comment and said he was being sarcastic.
Some security experts are concerned that Trump is taking the matter so lightly when the country is trying to halt a rash of cyberattacks against it, not promote them.
“Whether he was sarcastic or not, it was an open invitation to hack,” said Justin Harvey, CSO with Fidelis Cybersecurity. “And I guess I’m deeply disturbed by that posturing.”
It's not the first time Trump has made a remark about hacking his own government. In 2014, he tweeted that hackers should uncover records about President Obama’s birth place.
Attention all hackers: You are hacking everything else so please hack Obama's college records (destroyed?) and check "place of birth"— Donald J. Trump (@realDonaldTrump) September 6, 2014
Trump shoots from the hip about all manner of subjects, and his offhand comments serve partly to keep his name in the headlines. But they also show a willingness to be flippant about topics that are vital to national security.
“Supporting espionage that harms America is never okay,”said Eric O'Neill, national security strategist at security firm Carbon Black.
“However," he said, "Trump’s comment is only half of the story.”
Clinton didn’t show the best judgment when using a “poorly protected” private server to exchange emails during her time as secretary of state, he noted. O’Neill said it would be a “nightmare” for Clinton if Russian hackers have stolen some of her emails.
“Security is critical in both the policies we promote and the actions we take,” he said.
Trump’s campaign staff have said he never explicitly invited anyone to hack Clinton, and that his comments were merely an invitation to produce 32,000 emails that she deleted during an investigation into her use of the private server.
On Thursday, during an interview with Fox News, Trump called the email deletion “illegal.”
Regardless of the intent, Trump’s comments will cause concern within the security industry, said Kendall Burman, a data privacy lawyer at Mayer Brown. Cybersecurity issues have only grown in importance, and the next president will need to clarify the U.S. policy on the matter, she said.
Just this week, President Obama issued a new directive to better coordinate the U.S. response to major cyber attacks. However, the U.S. hasn’t defined its policy towards cyber war, and whether it would lead to retaliation.
It could soon find itself in that very position. Speculation is building that Russian hackers may have breached the Democratic National Committee as a way to influence the outcome of the U.S. election.
The FBI is still investigating the incident, but stolen documents have been leaked to the public and could undermine support for Clinton.
Whatever the FBI concludes, the U.S. still needs to prevent cyberspies from stealing critical information, O'Neill said.
Trump has yet to outline his policies on cybersecurity, and comments like the one about Russia do little to inspire confidence, Harvey said.
“To hack another U.S. citizen, regardless if it’s a political candidate or a private citizen, I think that crosses a line,” he said.