Presidential Candidates All But Ignore CybersecurityTrump, Clinton, Sanders Fail to Spell Out Their Cyber Policies
America's cyber infrastructure is under constant attack, and damage to it could have significant economic and national security consequences.
See Also: The Business Email Compromise Handbook
It's a threat that must be addressed at the highest levels of government, working in conjunction with the private sector. But the candidates for president of the United States don't have much to say about the cyberthreat. Search the keyword "cyber" on the campaign websites of Hillary Clinton, Bernie Sanders and Donald Trump, and the number of returns is miniscule. And except for one posting about securing the electric grid, none of the sites offers any substance or insight on cybersecurity strategies.
Most recent cybersecurity talk in the campaign has focused on Clinton's use of a private email server as secretary of state. Otherwise, except for a few mentions at candidates' debates last fall, cybersecurity has hardly surfaced as an issue.
Cybersecurity Doesn't Fit on Bumper Sticker
Candidates haven't raised cybersecurity as an issue because they haven't figured out how they can get any votes out of it. As former federal CIO Karen Evans says, "Cybersecurity doesn't fit on a bumper sticker."
Trump has criticized Clinton for the use of the private email server mainly in an attempt to question her judgment. But he's offered little proof that her actions caused damage to national security or were illegal.
In the wake of Apple's refusal to help the FBI crack open the iPhone used by one of the San Bernardino shooters, all three candidates weighed in. Here's what they had to say:
But the candidates' views on using a backdoor to circumvent encryption or other safeguards on a mobile device used by a criminal or terrorist come up far short of addressing the core cybersecurity threats the nation faces.
Shuttering the Internet
At a December GOP presidential debate, Trump proposed shuttering parts of the internet to stop the so-called Islamic State from using it as an online recruiting tool. "I don't want them using our internet to take our young, impressionable youth and watching the media talking about how they're masterminds."
But terrorists using the internet to recruit gullible followers doesn't threaten America's cyber infrastructure. Besides, Trump didn't explain how he'd shutter part of the internet, saying he'd pass on the job to the "brilliant people from Silicon Valley" to figure it out.
What Trump proposes - even with the brilliance of Silicon Valley - cannot be done. The internet, after all, isn't a single entity; it's a network of networks that the United States does not control. If anything, Trump's explanation on shuttering the internet demonstrates his ignorance on how internet technology works.
Threat from China
A cyber-related area where the candidates seem to agree is the threat posed by China.
In a foreign policy address delivered April 27, Trump made passing references to cybersecurity. Speaking of President Obama, Trump said: "He has even allowed China to steal government secrets with cyberattacks and engage in industrial espionage against the United States and its companies."
Later in the speech, the presumptive GOP nominee said: "We need to think smarter about areas where our technological superiority gives us an edge. This includes 3-D printing, artificial intelligence and cyberwarfare." He did not provide any details on how he'd prevent China from stealing government and corporate secrets or how to be smarter in cyberwarfare.
In an article posted on his campaign website, Trump provided more details on the threat China poses but failed to explain the technical steps needed to be taken to mitigate that threat
That article noted: "China's ongoing theft of intellectual property may be the greatest transfer of wealth in history. This theft costs the U.S. over $300 billion and millions of jobs each year. China's government ignores this rampant cybercrime and, in other cases, actively encourages or even sponsors it - without any real consequences. China's cyber lawlessness threatens our prosperity, privacy and national security. We will enforce stronger protections against Chinese hackers and counterfeit goods and our responses to Chinese theft will be swift, robust and unequivocal."
Clinton, too, called on holding China accountable for its actions. But how she would do so, as well as other cybersecurity measures she'd take, remains unclear.
A posting on Clinton's website says: "Cyberattacks have profound consequences for our economy and our national security. Hillary will leverage the work of the public and private sectors - overcoming the mistrust that impedes cooperation today - to strengthen security and build resiliency for economy and infrastructure. Our country will outpace this rapidly changing threat, maintain strong protections against unwarranted government or corporate surveillance and ensure American companies are the most competitive in the world."
Safeguarding the Electric Grid
Clinton furnished more details on how to protect the electrical grid from a virtual attack. "Our electrical grid needs upgrading ... to address the growing threat of cyberattack," a campaign site fact sheet says. The former secretary of state and Democratic senator from New York proposes:
- Creating a Presidential Threat Assessment and Response Team to improve coordination across federal agencies and strengthen collaboration with state and local officials and the electric power industry in assessing and addressing cybersecurity threats;
- Implementing a cybersecurity strategy that integrates and protects the expanded use of distributed energy resources and other clean energy technologies; and
- Providing new tools and resources to states, cities and rural communities to make the investments necessary to improve grid resilience to cyberattacks and extreme weather events.
As for Sanders' stand on the issues, I couldn't find any cybersecurity-related postings on his campaign website.
Forecasting 45th President's Policies
At Information Security Media Group's upcoming Fraud and Breach Prevention Summit in the Washington area, a panel of experts will tackle the issue of how the next president should address cybersecurity.
Former federal CIO Evans will be joined by Ari Schwartz, former assistant to the president for cybersecurity; Steve Chabinsky, former FBI deputy director for cyber; and Larry Clinton, president of the Internet Security Alliance, in a session titled "How the Next President Will Deal with Obama's Cybersecurity Legacy." The panel will be held at 9 a.m. May 18.
Later that day, at 12:05 p.m., Homeland Security Deputy Undersecretary Phyllis Schneck will deliver a keynote address, discussing how the government and private sector collaborate on sharing information to help mitigate cyberthreats.
Please join me at the summit, where I'll serve as a moderator. Here's information on how to sign up.