How Will the Next President Approach Cybersecurity?The Similarities, Differences in Clinton, Trump Platforms
The discussion of cybersecurity in the presidential campaign seems focused primarily on whether the Russian government is behind hacks of Democratic Party computers, which resulted in the leaks of emails that proved to embarrass Democratic nominee Hillary Clinton (see US Government Accuses Russia of Election Hacking).
See Also: You've Got BEC!
In this week's town hall debate, Clinton, citing an announcement from the U.S. intelligence community, said Russian President Vladimir Putin is behind these and other attacks. But her Republican opponent, Donald Trump, suggested there was no hacking (see Clinton, Trump: Head-to-Head Over Purported Russian Hacks).
Both presidential candidates pledge using the latest technologies to secure the government's - and critical infrastructure's - digital assets.
Trump also contended that Clinton, when she was secretary of state, misused personal email servers, which housed some classified materials - proving she's unqualified to be president. Clinton has repeatedly apologized for using the personal servers, saying it was a mistake.
But if you go beyond the political bickering and take a close look at the cybersecurity platforms both candidates have posted on their campaign websites, you'll see their approaches to cybersecurity are similar in some respects.
Both candidates pledge to use the latest technologies to secure the government's - and critical infrastructure's - digital assets. Clinton's campaign website says she supports expanded investment in cybersecurity technologies. Trump, through a cyber review team he'd establish, calls for the securing of IT "as modern technology permits."
Neither candidate, however, has explained how they'd come up with the billions of dollars needed to secure information systems and data.
Continuation of Obama's Agenda
Clinton's cybersecurity agenda is more detailed than Trump's, in part because she says she'd adopt the Obama administration's Cybersecurity National Action Plan, "especially the empowerment of a federal chief information security officer, the modernization of federal IT and upgrades to governmentwide cybersecurity."
Both candidates' campaign websites outline what they'd do to make government IT more secure, but neither contender provides the specifics on how they'd do it, beyond Clinton's reference to the Cybersecurity National Action Plan.
Clinton's platform provides a checklist of cybersecurity goals for government agencies: enforcing multifactor authentication' mitigating risks from known vulnerabilities; encouraging adoption of bug bounty programs' increasing use of red teams; enhancing public-private collaboration on cyber innovation and cyberthreat information sharing; and accelerating adoption of best practices, such as the National Institute of Standards and Technology's cybersecurity framework.
Trump, on the other hand, says he would first need to get a better handle on the current state of cybersecurity in government before he'd offer specific solutions. He proposes establishing a cyber review team that would be made up of the best military, civilian and private-sector cybersecurity experts to comprehensively review all of the government's cybersecurity systems and technology. The team would make recommendations for the best combination of defensive technologies tailored to specific agencies.
"The review team will also remain current on the constantly evolving new methods of attack, and will attempt to anticipate them and develop defenses as often as possible before major breaches occur," Trump said in an Oct. 3 speech. "This group of experts will set up protocols for each agency and government officials, requiring them to follow best practices."
The cyber review team is reminiscent of the wide-ranging cybersecurity review conducted in the early months of the Obama administration, led by senior White House cybersecurity adviser Melissa Hathaway, which produced a 10-point cybersecurity action plan unveiled by President Obama in May 2009.
Taking on Cybercriminals
To fight cybercrime, Trump says he'd instruct the Department of Justice to create a joint task force with federal, state and local law enforcement agencies, similar to the one DoJ created to take on the Mafia.
The Council on Foreign Relations' Alex Grigsby and David O'Connor, in a think tank blog, find comparing the fight against cybercrime to combating the Mafia interesting, saying it could bring much needed tools and expertise to local authorities often understaffed or lacking the resources to investigate complaints. "However," they write, "it is not always the case that cyber criminals are organized hierarchically like the mob, and in many cases, one individual can attract more attention than a group. Additionally, it is unclear whether the task forces would investigate traditional crime facilitated by the internet (online fraud, ransom, harassment), crimes directed at computers (hacking, denial of service) or both."
In Trump's platform, he emphasizes using cyber weapons against U.S. adversaries, something that's already been done, as with Stuxnet virus, which the United States and Israel used to sabotage Iran's nuclear program.
Warfare of the Future
In fact, Trump says he wants to develop offensive cyber capabilities as a way to conduct "crippling cyber counterattacks. This is the warfare of the future; America's dominance in this arena must be unquestioned."
But the Obama administration cautions that a hack back could have unknown consequences. Lisa Monaco, Obama's homeland security adviser, said at the Aspen Security Forum in July that "the danger of escalation and misinterpretation is such that we have to be responsible about it [cyber retaliation]."
Clinton told the American Legion National Conference in Cincinnati on Aug. 31: "As president, I will make it clear that the United States will treat cyberattacks just like any other attack. We will be ready with serious political, economic and military responses."
The Next President
So what will the cybersecurity policy of the next president look like?
Clearly, Clinton's policy will be a continuation of Obama's approach to cybersecurity.
As for Trump, based on his platform and comments, it's still unclear how much his cybersecurity policies would differ from current practices.
Both candidates, in executing their cybersecurity initiatives, would need the support of Congress. Unlike most other issues, there's been a general consensus among Democrats and Republicans on how the government should tackle cybersecurity.