Operations
3/10/2016
08:40 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Presidential Candidates Get Graded On Their Cybersecurity Stances

Trump, Clinton, Sanders, Cruz, Rubio, Kasich, are all unified when it comes to blaming China -- but no one gets higher than a "C" average grade in any category.

Cybersecurity is not exactly a top-of-the-mind item on the agenda of the remaining candidates in the US presidential elections. But cybersecurity has indeed become a hot policy topic in Washington.

State-sponsored cyberattacks, espionage, and criminal activity have emerged as major national issues prompting the Obama Administration to take executive action on at least two occasions in recent years, and to propose a $19 billion federal cybersecurity budget for 2017. Concerns over the private sector’s willingness and ability to defend against emerging threats have prompted numerous bills and cyberthreat information-sharing efforts.

And efforts by US technology vendors to make it harder for government to conduct surveillance following Edward Snowden’s revelations of the NSA’s data collection practices has elevated tensions between Washington and Silicon Valley -- punctuated by the contentious battle between the FBI and Apple.

So where exactly do the various presidential candidates stand on cybersecurity?

Data risk management firm IDT911 distilled public statements and actions of the candidates that had been previously compiled by the Christian Science Monitor’s Passcode and put them into a chart that allows for a side-by side comparison of their positions. IDT911 then assigned letter grades to each candidate.

The chart reveals differences between the leading Democrats and Republicans on several issues but somewhat surprisingly, not always along party lines. In fact, the only major issue where opinion seems to be sharply divided between the two sides is on the issue of FCC Net Neutrality. Both Democratic contenders Hillary Clinton and Bernie Sanders support it while Republicans Donald Trump, Marco Rubio, and Ted Cruz are against it. Republican John Kasich’s stance on the issue is unclear.

Opinion is somewhat divided on other topics. Clinton and Sanders, for instance, both opposed the renewal of a controversial NSA program for collecting phone metadata records in bulk from US carriers. Trump and Rubio support continuation of the program, while their Republican counterparts Cruz and Kasich are opposed. Cruz actually proposed a bill to end bulk collection of phone records, while Kasich wants rules of restraint imposed on it first.

The USA Freedom Act that restored some provisions of the Patriot Act while ending others is another area where differences crossed party lines. Clinton and Cruz, who was a co-sponsor of the bill, support it. Cruz has claimed that it expands the intelligence-gathering abilities of US law enforcement agencies, while Clinton favors it because it ended bulk data collection. Sanders, Trump, and Rubio oppose it, though for sharply different reasons. Sanders opposes the bill because he thinks it does not go far enough to ensure privacy protections, while Trump and Rubio don’t like it because they think it weakens intelligence systems.

Trump, Kasich, and Sanders have so far not announced their positions on screening social media for extremist content. The other two remaining Republican candidates support it, while Clinton has said she is opposed to it.

The only area where there appears to be broad consensus is on China. Clinton, Rubio, Trump, and Cruz blame China for the massive attack on the Office of Personnel Management (OPM) last year, and presumably other attacks as well. Sanders and Kasich have not made their opinions on the issue known so far.

IDT911 gave none of the candidates higher than a "C" for cybersecurity and privacy policies, with the exception of Rubio, who garnered a ‘B–‘ from one executive for his views on dealing with China and Net Neutrality. Another IDT911 executive, however, gave Rubio a "D+," the second lowest score among all candidates for his ‘"vapid" views on data security and privacy.

Clinton garnered an overall "C" for her nuanced understanding of national cybersecurity challenges and the breadth of her cybersecurity perspectives. But she was faulted for being on the wrong side of the encryption debate, as well as for showing poor judgment on her private email server issue.

Trump received a "C-" and a "C+" for his stance on matters like intellectual property theft and China. But he was called out for a lack of clarity on too many other topics and a lack of understanding of the nuances of the security versus privacy debate. Sanders, who received a "D" from one executive, received praise for his stance on privacy-related matters, but was faulted for having a weak stance on Net Neutrality and his views on Snowden, presumably because they are not nuanced enough.

Related Content:

Interop 2016 Las VegasFind out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Register today and receive an early bird discount of $200.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
theb0x
50%
50%
theb0x,
User Rank: Ninja
3/12/2016 | 5:57:02 PM
Re: Clinton hypocrisy
The Exchange Server is in the bathroom?! Really...? Clinton should have gotten an F for that alone.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
3/11/2016 | 2:40:37 PM
Re: Clinton hypocrisy
I think you'll find it quite common, not only in cyber security, the Clinton has contradicted herself one way or another.

As far as not understanding the crux of the issue I think it may be an age issue in terms of ease to assimilate but not overall for conveying their ideals. In areas where a candidate lacks they should defer to an expert, there is no shame in saying you don't have all the information. But refusing to acquire it from a proper source is an issue.
otalliance
100%
0%
otalliance,
User Rank: Strategist
3/11/2016 | 9:47:07 AM
Online Trust Alliance Audit Finds 74% of Presidential Candidates’ Websites Fail to Respect Americans’ Privacy
Last September the Online Trust Alliance, a 501c3 non-profit scored the sites and failed 74%.  In fast all of the remaining candidates ecived failing grades.  The full report is posted at https://otalliance.org/2016Candidates.   Unfortuantly they operate under different rules expected of the business community and would fail the EU Privacy Shield.

 
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
3/11/2016 | 7:50:52 AM
Clinton hypocrisy
Although I don't think she understands the real nuances of the privacy/security debate, I do find it bothersome that Clinton has repeatedly praised NSA spying efforts and wants more data gathering, but is so happy to have her own information held privately. 

It may seem agist, but I think half the issue with politicians not understanding the technological issues at play, is because they didn't grow up with any of the technology we use now. The best president in this case would be the one who listened to expert advice.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
DNS Threats: What Every Enterprise Should Know
Domain Name System exploits could put your data at risk. Here's some advice on how to avoid them.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Tim Wilson speaks to two experts on vulnerability research – independent consultant Jeremiah Grossman and Black Duck Software’s Mike Pittenger – about the latest wave of vulnerabilities being exploited by online attackers