Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

3/10/2016
08:40 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Presidential Candidates Get Graded On Their Cybersecurity Stances

Trump, Clinton, Sanders, Cruz, Rubio, Kasich, are all unified when it comes to blaming China -- but no one gets higher than a "C" average grade in any category.

Cybersecurity is not exactly a top-of-the-mind item on the agenda of the remaining candidates in the US presidential elections. But cybersecurity has indeed become a hot policy topic in Washington.

State-sponsored cyberattacks, espionage, and criminal activity have emerged as major national issues prompting the Obama Administration to take executive action on at least two occasions in recent years, and to propose a $19 billion federal cybersecurity budget for 2017. Concerns over the private sector’s willingness and ability to defend against emerging threats have prompted numerous bills and cyberthreat information-sharing efforts.

And efforts by US technology vendors to make it harder for government to conduct surveillance following Edward Snowden’s revelations of the NSA’s data collection practices has elevated tensions between Washington and Silicon Valley -- punctuated by the contentious battle between the FBI and Apple.

So where exactly do the various presidential candidates stand on cybersecurity?

Data risk management firm IDT911 distilled public statements and actions of the candidates that had been previously compiled by the Christian Science Monitor’s Passcode and put them into a chart that allows for a side-by side comparison of their positions. IDT911 then assigned letter grades to each candidate.

The chart reveals differences between the leading Democrats and Republicans on several issues but somewhat surprisingly, not always along party lines. In fact, the only major issue where opinion seems to be sharply divided between the two sides is on the issue of FCC Net Neutrality. Both Democratic contenders Hillary Clinton and Bernie Sanders support it while Republicans Donald Trump, Marco Rubio, and Ted Cruz are against it. Republican John Kasich’s stance on the issue is unclear.

Opinion is somewhat divided on other topics. Clinton and Sanders, for instance, both opposed the renewal of a controversial NSA program for collecting phone metadata records in bulk from US carriers. Trump and Rubio support continuation of the program, while their Republican counterparts Cruz and Kasich are opposed. Cruz actually proposed a bill to end bulk collection of phone records, while Kasich wants rules of restraint imposed on it first.

The USA Freedom Act that restored some provisions of the Patriot Act while ending others is another area where differences crossed party lines. Clinton and Cruz, who was a co-sponsor of the bill, support it. Cruz has claimed that it expands the intelligence-gathering abilities of US law enforcement agencies, while Clinton favors it because it ended bulk data collection. Sanders, Trump, and Rubio oppose it, though for sharply different reasons. Sanders opposes the bill because he thinks it does not go far enough to ensure privacy protections, while Trump and Rubio don’t like it because they think it weakens intelligence systems.

Trump, Kasich, and Sanders have so far not announced their positions on screening social media for extremist content. The other two remaining Republican candidates support it, while Clinton has said she is opposed to it.

The only area where there appears to be broad consensus is on China. Clinton, Rubio, Trump, and Cruz blame China for the massive attack on the Office of Personnel Management (OPM) last year, and presumably other attacks as well. Sanders and Kasich have not made their opinions on the issue known so far.

IDT911 gave none of the candidates higher than a "C" for cybersecurity and privacy policies, with the exception of Rubio, who garnered a ‘B–‘ from one executive for his views on dealing with China and Net Neutrality. Another IDT911 executive, however, gave Rubio a "D+," the second lowest score among all candidates for his ‘"vapid" views on data security and privacy.

Clinton garnered an overall "C" for her nuanced understanding of national cybersecurity challenges and the breadth of her cybersecurity perspectives. But she was faulted for being on the wrong side of the encryption debate, as well as for showing poor judgment on her private email server issue.

Trump received a "C-" and a "C+" for his stance on matters like intellectual property theft and China. But he was called out for a lack of clarity on too many other topics and a lack of understanding of the nuances of the security versus privacy debate. Sanders, who received a "D" from one executive, received praise for his stance on privacy-related matters, but was faulted for having a weak stance on Net Neutrality and his views on Snowden, presumably because they are not nuanced enough.

Related Content:

Interop 2016 Las VegasFind out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Register today and receive an early bird discount of $200.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
theb0x
50%
50%
theb0x,
User Rank: Ninja
3/12/2016 | 5:57:02 PM
Re: Clinton hypocrisy
The Exchange Server is in the bathroom?! Really...? Clinton should have gotten an F for that alone.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
3/11/2016 | 2:40:37 PM
Re: Clinton hypocrisy
I think you'll find it quite common, not only in cyber security, the Clinton has contradicted herself one way or another.

As far as not understanding the crux of the issue I think it may be an age issue in terms of ease to assimilate but not overall for conveying their ideals. In areas where a candidate lacks they should defer to an expert, there is no shame in saying you don't have all the information. But refusing to acquire it from a proper source is an issue.
otalliance
100%
0%
otalliance,
User Rank: Strategist
3/11/2016 | 9:47:07 AM
Online Trust Alliance Audit Finds 74% of Presidential Candidates Websites Fail to Respect Americans Privacy
Last September the Online Trust Alliance, a 501c3 non-profit scored the sites and failed 74%.  In fast all of the remaining candidates ecived failing grades.  The full report is posted at https://otalliance.org/2016Candidates.   Unfortuantly they operate under different rules expected of the business community and would fail the EU Privacy Shield.

 
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
3/11/2016 | 7:50:52 AM
Clinton hypocrisy
Although I don't think she understands the real nuances of the privacy/security debate, I do find it bothersome that Clinton has repeatedly praised NSA spying efforts and wants more data gathering, but is so happy to have her own information held privately. 

It may seem agist, but I think half the issue with politicians not understanding the technological issues at play, is because they didn't grow up with any of the technology we use now. The best president in this case would be the one who listened to expert advice.
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15132
PUBLISHED: 2019-08-17
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocki...
CVE-2019-15133
PUBLISHED: 2019-08-17
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
CVE-2019-15134
PUBLISHED: 2019-08-17
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloo...
CVE-2019-14937
PUBLISHED: 2019-08-17
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.
CVE-2019-13069
PUBLISHED: 2019-08-17
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service.