Though it sounds boring as heck, one of the most important aspects of cybersecurity is compliance laws. These frameworks guide how all personnel need to conduct themselves in regard to technology while offering cybersecurity professionals a road map to creating a safe, effective, and redundant working environment.
The core approach to properly securing a system is known as the C.I.A. which stands for Confidentiality, Integrity, and Availability (not the intelligence agency). Basically, how we ensure data is private, secure, and backed up is the name of the game and no one knows this better than the White House cybersecurity professionals that are trained to protect the infrastructure of one of the most critical institutions in America.
This is why the January 6 White House call logs that were submitted to the congressional investigative committee with a missing seven hours of transactions are highly suspicious. Burner phones are speculated to have been used during that time which prompted Donald Trump to state that he doesn’t know what a “burner phone” is. In turn, former Trump National Security Advisor John Bolton stated that he has heard Trump use the term “burner phone” multiple times in the past. That term was also used three times in Mr. Trump’s lawsuit against his niece.
Seven hours of missing call logs throw up multiple red flags and, in my opinion as a cybersecurity professional, there are only three possible and plausible scenarios at play here:
Scenario 1. White House communication and logging all failed on Jan. 6.
This is highly unlikely given the secure infrastructure running in the White House. Cybersecurity for the federal government typically adheres to a framework known as NIST 800-171, which is considered one of the gold standards for defense-in-depth. While multiple departments of the government have had challenges keeping their security up to date, the White House tends to have more vigilance than most due to the cyberattacks they receive. (My interview with former White House cybersecurity advisor Michael Daniels should give everyone insight into just how on the ball most cybersecurity professionals in the White House are.) This, plus the federal laws that govern the logging and tracking of presidential records, basically ensures that seven hours of call logs can’t disappear without intentional tampering.
The White House’s cyberinfrastructure logs so much technical data, with so much redundancy, that it is incredibly unlikely that the system would fail, just as a complete outage of the phone system in the White House would be. Even government-issued mobile phones log redundant information to ensure nothing is missed or lost for the official record.
Scenario 2. The logs are accurate and zero calls were made during this time period.
This is also highly unlikely given all of the confirmed frantic calls and texts made to various members of the Trump administration begging them to publicly speak out against the riot. If the president or his associates in the White House were indeed using personal mobile phones, then their cellular providers would also have logs of these calls – not to mention geo-location data of each phone. Many January 6 rioters were identified by law enforcement through mobile phone location data.
If they were using burner phones, which would bypass all the logging requirements government phones have, then every cellular provider could supply the committee with every single geo-located mobile phone in the vicinity. This is assuming that their own logging goes back that far, and it should. These kinds of blanket warrants – known as “geofence warrants”– have been used by law enforcement in the past and the Googles of the world are usually happy to oblige these court orders.
Finally, there are literally hundreds of White House employees so receiving a huge number of communications daily regarding normal business matters is standard. This means that outside of the unfolding riot at the Capitol building, the White House would be taking other types of calls as well.
Scenario 3. The logs were altered intentionally to scrub damaging information.
This is the most likely scenario though this also begs the question: Given all the redundancies and contingencies that White House communication systems have, shouldn’t multiple data sources show evidence of tampering?
In other words, the electronic log itself would have to be altered and then any backups would also have to be altered (or deleted) to align with the submitted tampered logs. In secure systems, access to logging is also logged. This is also known as tamper-proofing and it’s used by many governments to maintain integrity. A user couldn’t tamper with or delete a log without another record elsewhere of that event being created. The point being: the log submitted to the committee would have an electronic paper trail that would take multiple people to conspire to alter or destroy it. Secure and compliant systems also compartmentalize administrator duties so no single person can do what is speculated to be done here. Welcome to the new possible “collusion” debate.
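The tamper-evidence idea described above, sketched as an added example (not from the original article and not a description of any White House system): each log entry commits to the hash of the one before it, so removing a span breaks the chain, and an independent replica shows what is missing. The record fields, function names and hourly sample data are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the chain

def entry_hash(prev_hash, record):
    """Hash of a record bound to the hash of the entry before it."""
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def build_chain(records):
    """Return log entries where each one commits to its predecessor."""
    chain, prev = [], GENESIS
    for record in records:
        digest = entry_hash(prev, record)
        chain.append({"record": record, "prev": prev, "hash": digest})
        prev = digest
    return chain

def first_break(chain):
    """Index of the first entry that fails verification, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry_hash(prev, entry["record"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    return None

def missing_from(submitted, replica):
    """Records held by an independent replica that the submitted log lacks."""
    seen = {e["hash"] for e in submitted}
    return [e["record"] for e in replica if e["hash"] not in seen]

# Constructed sample: one call record per hour, 08:00 through 19:00.
records = [{"time": f"{h:02d}:00", "line": "ext-100", "event": "call"}
           for h in range(8, 20)]
replica = build_chain(records)  # copy held by a second system
# Simulated edit: entries for 11:00-17:00 dropped from the primary copy.
submitted = [e for e in replica if not 11 <= int(e["record"]["time"][:2]) <= 17]

if __name__ == "__main__":
    print("chain breaks at entry", first_break(submitted))
    print("missing:", [r["time"] for r in missing_from(submitted, replica)])
```

Re-chaining the edited copy makes it verify on its own, but its later hashes then no longer match the replica, which is why the backups would have to be altered as well.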
Here’s the frustrating kicker of the situation: this won’t matter to a percentage of the population, but it’s a seriously damning problem. A lot of whataboutism – such as asking about Hunter Biden’s laptop – seems to be the most logical response from this particular segment and the news. It is already the deflection of choice for some with Rep. Jim Jordan leading that charge.
In that case, the reasonable response seems to be: Why can’t we walk and chew gum at the same time here? For a president who claimed to be the “law and order” candidate with the “most transparent” administration in history, why the gap in these logs then? And in that vein, Trump has already shown a pattern of tampering with White House records when he took classified records with him to Mar-a-Lago when he left office. President Trump also cut the White House cybersecurity coordinator position and reshuffled IT personnel early on in his presidency. That move was criticized by cybersecurity professionals around the nation.
If we’re being honest, we can investigate all forms of corruption, regardless of party or affiliation. Doesn’t a functioning democracy require this to continue to be both healthy and transparent for its citizens?
Nick is the founder and CEO of Security Fanatics, the Cybersecurity/Cyberwarfare division of BSSi2 dedicated to designing custom Cyberdefense strategies for medium to enterprise corporations. As a member of the Board of Advisors for Roosevelt University’s College of Arts and Sciences as well as their Center for Cyber and Information Security, the Official Spokesperson for the COVID-19 Cyber Threat Coalition and a board member of Bits N’ Bytes Cybersecurity Education as well as Strategic Cybersecurity Advisor for the Private Directors Association, Nick helped to create an NSA certified curriculum that will help the Cybersecurity/Cyberwarfare community to keep defending our government, people and corporations from Cyber threats globally. In 2017 Nick was accepted into the Forbes Technology Council, an invitation-only community for world-class CIOs, CTOs and technology executives, and is a regular contributor of articles which are published on forbes.com as well as smerconish.com.