An incoming president will always create a long list of tasks for the team in charge of running the White House. Moving a whole family out and a new one in is bound to have its challenges.
However, Joe Biden has apparently already tested the Secret Service - with his workout equipment. It’s led to some intense dialog about America's cybersecurity as a whole, and even its status as a global player in protecting against digital attacks. Let's take a look at how this played out.
Peloton, the President, and the Internet of Things
Fitness-conscious 78-year-old Biden is reportedly a fan of the Peloton stationary bikes, sales of which soared when gyms were closed as a result of the COVID-19 pandemic.
But the problem is that the interactive machines come equipped with webcams and microphones to allow users to stream classes and talk to instructors. Not only could this mean the POTUS may turn up in a class with other startled participants, but it also has negative implications for the security of the White House.
Cybersecurity expert Max Kilger at the University of Texas told Popular Mechanics magazine there’s a risk that malicious parties could target the Peloton as a way of getting to Biden and spying not only on his home, but on his workplace.
The expert pointed out that it isn't just the bike either, as that could simply be used as a jumping-off point to access smartwatches and TVs within the White House, should someone successfully install malware.
The Secret Service and the National Security Agency (NSA) have already spoken out to insist they’ll be making changes to the bike's IT infrastructure to mitigate the risk, including removing cameras and microphones and constantly changing the passwords.
The vulnerability of connected devices
The whole debacle has acted as a reminder that even the most innocuous-looking device can now become a security risk, especially as our lives become ever-more connected. It's estimated that more than 26 billion Internet of Things (IoT) devices were active last year, with 127 new ones connected every second.
Meanwhile, a report from F-Secure in 2019 found attacks on IoT devices were accelerating at an unprecedented rate. Indeed, there was a more than threefold increase to 2.9 billion events - the first time ever this figure surpassed the billion mark.
Furthermore, according to Palo Alto Networks Unit 42 research released last year, more than half of IoT devices were vulnerable to medium or high-severity attacks.
This was largely because 98% of their traffic is unencrypted, while patches are also irregularly carried out and default passwords often used in lieu of more stringent security measures.
Security technologist and Harvard University lecturer Bruce Schneier pointed out in an article for the Washington Post that the removal of potential listening devices from the White House is nothing new. As he explains, Barack Obama was prevented from getting an iPhone in 2013, while Furbies were even removed in 1999 in case they could listen and learn.
And therein lies the problem. There are more people in America and the rest of the world who may become targets for cybercriminals than just the president - and never have they made it easier for said criminals to target them. Yet at the same time, as it becomes harder to find any devices that don't have at least some form of internet connection, not everyone benefits from tailor-made protection from the NSA.
Cybersecurity as a political promise
Perhaps the news reports on the Peloton have come at just the right time for us all to sit up and take notice, because - somewhat ironically - cybersecurity is something Biden has wanted to pay more attention to for a while.
It was actually part of his campaign platform, and he said in a statement as president-elect that his administration "will make cybersecurity a top priority at every level of government".
What's more, he seems to already be putting his money where his mouth is, having set aside a $10 billion investment in cybersecurity and IT modernization that includes additional funding for civilian cybersecurity.
He’s also planned an ambitious raft of new hires, starting with Anne Neuberger as deputy national security adviser for cyber and emerging technology and reportedly including Morgan Stanley's Jen Easterly to lead a new office dedicated to coordinating cybersecurity operations for the federal government.
However, some analysts have raised concerns that the new experts' collective experience is in the public sector, when much of America's IT infrastructure is now owned and operated by corporations.
The SolarWinds cyberattack
This was something painfully brought home in the US toward the end of 2020, when a huge attack attributed to Russian spies hit eight federal agencies and countless private companies.
The perpetrators hacked into IT programs provider SolarWinds and slipped a back door into a software update. When the update was passed on to SolarWinds' clients, so too was the malware that gave hackers access to their networks.
This so-called supply chain attack hit all of the top five accounting firms in the US and hundreds of colleges, universities and healthcare providers. It also showed that with the whole country connected in one way or another, the system is only as strong as its weakest link.
Chief strategy officer at the National Cybersecurity Center Mark Weatherford wrote in Forbes that cybersecurity is one of the biggest challenges facing the nation in 2021, yet it’s consistently been an area lacking in direction and strong leadership.
In a blog for Microsoft, the company's president Brad Smith also said commitment from the government going forward is essential - but that it shouldn't end on a national level.
President Biden certainly seems to be much more focussed on cybersecurity than his predecessor, so there may now be hope that the US gets the better-protected internet infrastructure it clearly needs at a time when the IoT is booming.
How ironic, then, that it took a scare around a connected device at the start of his presidency to start the ball rolling and underline what an essential step this would be.