Donald Trump’s recent speech on cybersecurity means both presidential candidates are finally on the record when it comes to general approaches to cyberpolicy — with plenty of blank spaces remaining.
In remarks delivered Oct. 3 in Herndon, Va., Trump sketched out a cyberpolicy rooted in military and law enforcement responses.
While identifying “very substantial weaknesses” in “all vital infrastructures,” he didn’t spell out how he would improve the security of the 90 percent or so of critical infrastructure that’s privately owned and operated.
Trump’s approach includes increased resources for U.S Cyber Command so that the United States can more effectively deter foes in cyberspace — and strike back when necessary.
“I will also ask my secretary of defense and Joint Chiefs to present recommendations for strengthening and augmenting our Cyber Command,” Trump said. “As a deterrent against attacks on our critical resources, the United States must possess — and has to — the unquestioned capacity to launch crippling cybercounterattacks. And I mean crippling, crippling.”
Today, according to Trump, “People don’t even know if we have the capability that we’re supposed to have when you look at what’s going on with other countries.”
U.S. deterrence policy — or the alleged lack thereof — has generated plenty of criticism from Capitol Hill. But that has been aimed at the administration’s supposedly narrow view of what constitutes an attack and unwillingness to spell out likely responses.
Cyber Command’s arsenal of offensive weapons, on the other hand, is seen as the global leader.
Trump coupled enhanced military might with a new, coordinated approach to pursuing cybercriminals through a joint task force that would resemble past campaigns against the Mafia.
Better deterrence and aggressive prosecution are frequently cited by industry leaders as essential to raising the costs for perpetrators of cyberattacks — as well as for more equitably sharing security responsibilities between government and the private sector.
Within the federal government, Trump would “put together a team of our best military, civilian and private-sector cybersecurity experts to comprehensively review all of our cybersecurity systems and technologies.”
That effort would involve a top-to-bottom assessment of government information and security systems, setting up “protocols” for every agency, and constantly reviewing performance. Enhanced cybertraining for federal employees would also be featured.
Some of this seems to mirror activities already underway within the executive branch, which was one point of criticism aimed at the Trump speech.
For instance, the Obama administration has launched a technology modernization program, appointed a first-ever chief information security officer and accelerated Department of Homeland Security programs to bolster cyberdefenses throughout the civilian government.
The Clinton approach, meanwhile, also includes a greater focus on international deterrence as well as continuing Obama initiatives on improving federal technology and using the government’s acquisition power as a game-changer in the market for cybersecurity products.
Clinton has also endorsed the voluntary framework of cybersecurity standards developed by the National Institute of Standards and Technology.
Business leaders most active on cyberissues have taken a guarded approach to the presidential campaign, lauding discrete aspects of each candidate’s platform while steering clear of direct endorsements.
That’s because in the cyberpolicy space, leading industry groups want to see a continuation of the basic elements of the Obama approach — focused on nonregulatory, industry-led initiatives — but desperately want to keep this issue out of the partisan maelstrom that surrounds virtually every other policy question.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” published by Rowman and Littlefield.
