President Donald Trump smiles as he walks in from the Oval Office of the White House in Washington, Monday, Jan. 23, 2017, to host breakfast with business leaders in the Roosevelt Room. (AP Photo/Pablo Martinez Monsivais)
Unlike the thousands of individuals from Muslim-majority countries trying to get into America, Cairo-born Mohamed Saher has been told he shouldn’t leave U.S. shores. His employer, security firm NSS Labs, told Saher he shouldn’t go to Egypt where he was due to meet with customers this month. Even though his homeland isn’t one of the seven nations on Trump’s travel ban list, he was told he might not be let back in and should stay put in Austin, Texas.
The irony of Saher’s situation is that rather than representing any kind of threat to the U.S., he’s trying to protect American companies and individuals from malicious hackers. As vice president of advanced research at NSS, he puts his hacking skills up against widely-used technology, in particular Microsoft Windows, so clients know where they’re open to attack. Saher develops defensive software too, the owner of a U.S. patent for a system designed to uncover surreptitious hackers’ exploits. He also claims to have been amongst the top-ranked contributors on Project Euler, where participants are asked to create machine algorithms to crack tough mathematical problems. He’s one erudite dude.
But as a Muslim with parents still living in Egypt, he’s concerned about being marginalized by the Trump government and, eventually, thrown out. He fears Egypt will soon be added to Trump’s list of the unwelcome: “I can only speculate it’s only a matter of time.
“I don’t understand how President Trump is thinking, if you try to pull out all those people, you’re going to have a lot of empty places that can’t be filled… You don’t have the right resources to fill those jobs.
“I have a house, pets, I have a life, if I got stuck [in Egypt] and I can’t come back that creates a problem for me.”
Security researcher Mohamed Saher has been told not to go back to Egypt, fearing he may be banned from returning to his home in Austin, Texas.
Outside the U.S., those who were excited about working in America to improve the nation’s cybersecurity are no longer feeling particularly hopeful. Arash Allebrahim, an Iranian, has claimed to have uncovered numerous vulnerabilities in American-made tech, including an exploit of Cisco kit from 2011, and was banking on migrating to the U.S. in the next five years.
“I know that working in America is almost impossible, but I’d like to do research at companies like Google and Microsoft,” Allebrahim told me. “Trump thinks that Iranians and most Middle East people are terrorists but it’s unfair.”
Khalil Sehnaoui, a hacker based in Beirut, Lebanon, said he expected a lot of security experts across the Middle East to switch from cooperative to hostile as a result of Trump’s move. “If anything it’s going to make people with more skills pissed. Wouldn’t you be more pissed because it’s a senseless ban on people?” Khalil said.
“If you want to stop cyberterrorism, that ban is not going to be helpful. A smart dude in Iran is a smart dude in Iran. There are no more borders. If I want to hack into an electrical grid or the DNC, I don’t need to be in the States.”
Security without borders
Already, the impact of the Trump ban has been felt across the security world. On January 31, the Forum of Incident Response and Security Teams (FIRST), which acts as a forum for security teams from more than 350 corporations, government organizations and universities from 76 countries, said it was concerned many would not be able to make its annual conference, due to be held in Puerto Rico in June. “These changes significantly affect our goal of bringing together an inclusive community of incident responders,” FIRST wrote in a statement.
“FIRST.org is one example among many other professional associations of cyber defenders that now struggle with holding technical conferences in the wake of the immigration ban uncertainty,” said Katie Moussouris, founder and CEO of Luta Security. “Even with the ban paused for now, conference organizers, speakers, and attendees are unable to tell if even legal visa holders in the tech industry will be able to return to the US, should these conferences move outside the US to accommodate.
“The ban makes it too risky for many travelers to attend these events. This means the exchange of information between defenders, often in person, will be potentially curtailed to the detriment of internet defense as a whole.”
Moussouris pointed to a global talent deficit in cybersecurity, something that’s backed up by plenty of data. An Intel-sponsored study from 2016 surveyed companies across eight countries, finding 82 per cent were lacking cybersecurity skills. The need for better security across the U.S. own systems was made startlingly apparent throughout 2016, most notably in the hack of the Democratic National Committee.
“Turning away people who legally applied and were granted visas or green cards may mean turning away the next Einstein or Navratilova,” Moussouris added.
“In computer security, we may find our Ramanujan among the tired, the poor, the huddled masses yearning to breathe free.
“In the meantime, internet safety depends on the ability for defenders to operate without borders, to help protect us all.”
Got a tip? Email at TFox-Brewster@forbes.com or firstname.lastname@example.org for PGP mail. Get me on Signal on +447837496820 or email@example.com on Jabber for encrypted chat.