Last week's U.S. intelligence report tracing Russia's cyber-meddling with the 2016 presidential election is a timely reminder of the cybersecurity risks that the government and private companies face, said Tom Ridge, the nation's first secretary of Homeland Security.
"President-elect Trump is entering into a world fraught with hazards as never before," Ridge said in a telephone interview on Monday. "Russia is a reminder that cyberattacks are a permanent risk to individuals and countries and companies, and you must do all you can to understand the risk. It's a reminder of how serious and permanent the risk is. The risk continues to get deeper."
Ridge, who is also a former Republican governor of Pennsylvania, is chairman of Ridge Global, a Washington-based cyber protection advisory firm. He was named by President George W. Bush to head the Department of Homeland Security, which was created after the Sept. 11, 2001, attacks. He held the post from 2003 to 2005.
Ridge said President-elect Donald Trump needs to appreciate that cyberattacks affect not only national security but also the nation's economic security. Companies that control the nation's financial sector, energy resources, transportation and other vital infrastructure are just as vulnerable as federal agencies and political party emails, he noted.
"It's not just about securing government information, but about national security and economic security," Ridge explained. "One thing the next president needs to understand is that it's both. Time will tell if he's up to it."
Ridge said the Russian hacks "didn't influence the outcome of the election, but are a reminder to citizens and companies alike that we live in an interdependent world. People get excited about the digital forever that computing devices offer, but there are dangers, whether from Russia, China, Iran, North Korea, organized crime or a hacker. If you have something in the network such as personal information, then it's vulnerable and we need to protect it."
Nearly all the nation's vital infrastructure is under the control of the private sector, which is made up primarily of public companies, he added. "That means that CEOs and corporate boards, along with IT shops, have to be paying far more attention than ever before to cybersecurity. I call it the digital forevermore.
"The cyber actors are proliferating and some are owned by nation-states and some with the consent of nations, or it can be organized crime," he said.
Ridge Global has joined with the National Association of Corporate Directors (NACD) and Carnegie Mellon University to raise the level of cyber-risk awareness among CEOs and corporate boards of directors. Last September, they created the first NACD Cyber-Risk Oversight Program, a 20-hour online cyber-risk training package.
Sign up for CIO Asia eNewsletters.