Healthcare, immigration and the Islamic State are challenges the presidential candidates repeatedly hammer when presenting challenges for the future. Cybersecurity, however, isn’t.
Eric Sinrod, a technology lawyer with Philadelphia-based law office Duane Morris LLP, recently wrote a column for research platform Lexology that bemoaned the lack of discussion from candidates on information security-related matters.
“Why aren’t they talking about cybersecurity when they otherwise are talking tough about fighting the enemies of the United States?” Sinrod wrote. “The frightening answer is that they likely do not understand the issues relating to cyberwarfare well enough to express opinions and to outline strategies and plans.”
Sinrod is not alone in his assessment of the candidates’ lack of cybersecurity savvy. Data risk management firm IDT911 ranked each candidate on the strength of their stances on cybersecurity. They were judged based on their responses to issues like whether they supported the USA Freedom Act, how they feel about Net Neutrality and whether they have a published cybersecurity plan on their website.
None of the remaining candidates were given higher than a C-plus rating.
Rather than being criticized for their plans to tackle cybersecurity, the overwhelming majority of the candidates were docked in IDT911’s ratings for failing to create clear cybersecurity plans in the first place. John Kasich’s greatest weakness, for example, “is that his position is unknown on too many core issues.”
What the candidates think
Some of the presidential candidates have shared their views on cybersecurity via their campaign websites.
Hillary Clinton starts out strong by stating that cyberattacks strongly affect the economy and national security, but is vague on the details of how she plans to address them.
“Our country will outpace this rapidly changing threat, maintain strong protections against unwarranted government or corporate surveillance and ensure American companies are the most competitive in the world,” she says.
Ted Cruz’s website does not specifically mention cybersecurity. While he does focus on defeating the Islamic State and protecting national security, Cruz does not address how the cyberrealm is related to these issues.
John Kasich’s stance on cybersecurity falls near the bottom of his overall national security plan. He stresses the importance of working together to determine where cyberattacks are coming from and to stop them.
“We must defend against cyberattacks on our government and businesses, as well as counter the online activities of jihadis and other opponents,” Kasich says.
Bernie Sanders has possibly the most in-depth position on cybersecurity. He says he is not only concerned about cybersecurity, but also about whether the government has too much freedom in accessing private information.
“Our nation’s national security and economy face unprecedented threats from cyberattacks, and it is important that we defend ourselves as best we can while, at the same time, protecting the privacy and civil liberties of the American people,” he says.
Donald Trump brings up cybercrime in his stance on U.S.-China trade reform, in which he promises to create stronger defenses against Chinese hackers.
“China’s ongoing theft of intellectual property may be the greatest transfer of wealth in history. This theft costs the U.S. over $300 billion and millions of jobs each year,” Trump says. “China’s cyberlawlessness threatens our prosperity, privacy and national security.”
However, Trump fails to elaborate on cybersecurity reform other than when it has to do with China.
Cybersecurity is a team effort
When looking at the seeming lack of focus on cybersecurity this election season, a few questions must be raised: Does the candidates’ knowledge of and stances on cybersecurity matter in the long run? Does one have to be a cybersecurity expert to be president?
While the last question may be a bit extreme, a 2015 survey of more than 200 information security professionals showed that the majority, 68 percent, would prefer a president with a strong security policy.
Dwayne Melancon, the chief technology officer of software company Tripwire, which conducted the survey, said the government has faced unrealistic expectations regarding its role in regulating cybersecurity.
Rather than shoulder the burden on their own, Melancon said, candidates should be prepared to seek the advice of those who know the topic well.
“It will be important for candidates to not only articulate their concern for cybersecurity, but to also share a concrete plan on how they will incorporate the expertise of respected experts, who can help craft practical, effective and sustainable cybersecurity policies,” he said.
Jack Karsten and Darrell West of the Brookings Institution agreed with the future president’s need to consult with experts.
“None of the candidates are technology experts, and once in office, the future president will have to consult with specialists,” they wrote in a recent article. “How policies and legislation will really turn out … will depend on the administration as a whole rather than the president alone.”
All five candidates’ lack of cybersecurity knowledge is not necessarily a death knell for their success in enforcing new policies. Keeping the country’s information safe is a difficult task that must be a joint effort between the candidate with vision and those with the know-how to execute it.
