Cybersecurity Enters Presidential DebateCandidates' Responses Reveal Critical Knowledge Gaps
Cybersecurity is becoming an issue in the U.S. presidential campaign, finally. That's good news because IT security, online privacy and Internet availability are critical in our day-to-day lives, and the next president will play a key role in how the nation will secure its digital assets.
See Also: What is next-generation AML?
In this week's Republican presidential debate, cybersecurity briefly took center stage, with several of the candidates sharing their views. Unfortunately, their responses to questions demonstrate they need to learn a lot more about how information technology and security work, or at the very least, stop using cybersecurity as a tactic to scare the electorate into voting for them.
"Misinformation and misdirection in regards to cyber-related issues might help draw voters to a candidate but they don't do citizens a favor."
The most glaring example of a candidate demonstrating ignorance on the workings of information technology was developer Donald Trump, who, in the wake of the San Bernardino terrorist attack, proposed shuttering parts of the Internet to stop ISIS from using it as an online recruiting tool. "I don't want them using our Internet to take our young, impressionable youth and watching the media talking about how they're masterminds," Trump said.
"So, are you open to closing parts of the Internet?" moderator Wolf Blitzer asked.
"I would certainly be open to closing areas where we are at war with somebody," Trump answered. "I sure as hell don't want to let people that want to kill us and kill our nation use our Internet. Yes, sir, I am."
Trump, like many others candidates, touts ideas without providing details on how they would work. (A non-cyber example: candidates who blame Obama - rightfully or not - for his handling of the ISIS threat without furnishing realistic details on what they would do to defeat the jihadists.) In shuttering part of the Internet, Trump said he'd turn to "brilliant people from Silicon Valley" to figure it out.
Later in the debate, Trump added: "And as far as the Internet is concerned, we're not talking about closing the Internet. I'm talking about parts of Syria, parts of Iraq, where ISIS is, spotting it. Now, you could close it."
What Trump proposes - even with the brilliance of Silicon Valley - cannot be done. First, the Internet isn't a single entity; it's a network of networks that the United States does not control. Second, identifying terrorist groups such as ISIS and kicking them off isn't realistic, "given how rapidly the fluid Internet grows and changes," writes Bree Fowler, an Associated Press technology writer. "And the U.S. just doesn't have the technical ability to cut off Internet access in a country it doesn't control."
And as Charlie Baker of Internet performance company Dyn told Fowler: "People have a long history of finding their way around Internet restrictions, whether it's democracy activists in China or Iran, or tweens looking to circumvent their school's firewall."
Still, the federal government turning to Silicon Valley to help strengthen online safeguards isn't a bad idea. We should use the smarts of everyone - in government, industry and academia - to collaborate to solve the threats posed over the Internet.
Former Hewlett Packard CEO Carly Fiorina emphasized that point when asked by Blitzer whether Silicon Valley companies should be forced to cooperate with the FBI. "They do not need to be forced," Fiorina said. "They need to be asked to bring the best and brightest, the most recent technology to the table. I was asked as a CEO. I complied happily. And they will as well. But they have not been asked. That's why it cost billions of dollars to build an Obama website that failed because the private sector wasn't asked."
True, industry involvement in the creation of the online systems citizens use to purchase Obamacare was minimal, as evident by its near disastrous rollout (see Obamacare Website Security Questioned ). But Fiorina talks as if the Obama administration hasn't reached out to Silicon Valley at all, especially regarding cybersecurity matters. That's not true. The Obama administration has been actively pursuing the private sector - including tech leaders from Silicon Valley - to help develop cyberdefenses.
Silicon Valley Collaborations
In his 2013 State of the Union Address, Obama unveiled an executive order to have the government share classified cyberthreat information with critical infrastructure owners and institute a process for government and industry to develop IT security best practices that infrastructure owners could voluntarily adopt (see Obama Issues Cybersecurity Executive Order). This led to the Cybersecurity Framework, an initiative championed by the National Institute of Standards and Technology in collaboration with the private sector, to create a mechanisms for critical infrastructure, private businesses and government agencies to implement cyberdefenses.
On March 13, 2013 (which, by the way, was the day Cardinal Jorge Bergoglio ascended to the papacy as Pope Francis), President Obama met in the White House situation room with 13 chief executives from major corporations to discuss the need for the federal government and industry to collaboratively battle the cyberthreat (see Obama, Top CEOs Meet on Cybersecurity).
This past April, at the RSA Security Conference in San Francisco, Homeland Security Secretary Jeh Johnson announced the department was opening a Silicon Valley office "to ensure that the government and the private sector benefit from each other's research and development."
And two of the administration's top technology leaders - CIO Tony Scott and CTO Megan Smith - came to their current jobs from VMWare and Google, respectively.
Catalyst for Votes
Misinformation and misdirection in regards to cyber-related issues might help draw voters to a candidate, but they don't do citizens a favor.
Ohio Gov. John Kasich raised encryption during the debate, noting that the shooters in the San Bernardino attack that killed 14 people used mobile phones with encryption. "We have to solve the encryption problem. It's not easy," Kasich said. "Encryption is a major problem, and Congress has got to deal with this, and so does the president to keep us safe."
Kasich has a point, but listening to his response, one feels he doesn't truly grasp the complexity surrounding the debate over encryption. To be fair, Kasich only had a minute or so to express himself. And, he's not alone among politicians and government leaders calling on the government to work with Silicon Valley to figure ways for intelligence agencies and law enforcement to decrypt messages sent and stored by terrorists (see Is Obama Calling for Encryption Bypass?).
But the cybersecurity debate in this presidential campaign so far has been simplistic, such as New Jersey Gov. Chris Christie threatening Chinese leaders with revealing dirty secrets about their corruption to retaliate against China's breach of the Office of Personnel Management computers, which exposed personal information of 20 million-plus individuals.
Cybersecurity is complex, and the electorate deserves more than platitudes from the candidates. Voters merit meaningful and comprehensive discussions on how a future president would credibly addresses the virtual threats we face.