How could two candidates be more different? When was the last time a non-political candidate became a Presidential nominee? It was 1928 and the candidate was Herbert Hoover! Anyway, let’s look at what each candidate has to say about security and privacy and, more importantly, what their actions tell us.
Clinton said the following at a town hall meeting in February.
Cyber-security is one of the most important challenges the next president is going to face because the advances, the offensive advances by nation states that we know are very technically sophisticated ― namely Russia, China, next level Iran, next level North Korea ― are going to just accelerate…We have to be operating on both of these levels, making it very clear to Russia, to China, that not only that what their government does through various entities, but also if they outsource the work to hackers, they will pay a price.
Hillary has no official data security platform but here is what we know. Secretary of State Hillary Clinton addressed her thoughts on China on her national security policy page by saying: Hillary will work with allies to promote strong rules of the road and institutions in Asia, and press China to play by the rules ― including in cyberspace, on currency, human rights, trade, territorial disputes, and climate change ― and hold it accountable if it does not, while working with China where it is in our interest.
It appears Hillary likes Obama’s national cyber security plan and wants to build on it, but what about her actions?
According to The Washington Post, for the four years she was Secretary of State, Clinton operated and used a private email server with an insecure private email account. That wouldn’t normally have been an issue if she hadn’t used it for official government business, instead of her official state.gov email address. Nobody noticed until the State Department responded to a request for documents from congressional investigators, only to find emails sent to and from a personal, non-State Department email address for Clinton. Clinton claims the whole affair was because she didn’t like carrying two devices, one for work email and one for personal email, but still wanted to get work done. Hillary Clinton appears to ignore security when convenience and usability are at stake. I have found in my career as an IT audit consultant that if you make security painful then it will likely be circumvented or ignored.
Clinton has repeatedly claimed the State Department allowed private email servers, a claim refuted by the State Department Office of Inspector General. In the end, the FBI decided that Clinton’s actions were “careless,” but not illegal, and decided not to recommend charges. Was the FBI pressured by the DOJ under a presiding Democratic President? Only President Obama and Hillary Clinton know for sure.
Beyond that, the AP reported last year that Clinton’s State Department cabinet was horrible at sticking to security standards, criticism that the State Department was, to its credit, willing to accept:
The State Department was among the worst agencies in the federal government at protecting computer networks….
But wait, the formerly closed FBI Clinton investigation was just reopened by FBI Director James Comey. Why? Because of Congressman Weiner’s indirect association with the Clinton campaign. His wife, Huma Abedin, who was a top Clinton aide, shared a laptop with the congressman, who is in trouble for sexting.
One need look no further than the OPM data breach to see yet another government agency fail at what it's supposed to excel in: protecting security clearances of its prized government employees and DoD contractors. OPM failed in cybersecurity, which resulted in over 20 million security clearances compromised; even FBI Director Comey's file was compromised.
In summary: Hillary has said all the right things about cyber security, but in practice, if you look at her private email server and the careless sharing of those government emails by her top aide Huma Abedin that were just found on Anthony Weiner’s laptop, Clinton’s and her team’s actions don’t support the policy statements of someone truly practicing cyber security best practices. These careless actions speak louder than any political speech or publicized policy.
Hillary’s political webpage statements on cybersecurity
Enter Donald Trump. With no prior role in government service, he is a billionaire with a successful company that has had its ups and downs. Trump is now a Presidential candidate, so what can we now put together about his private practices relating to cyber security? First, his official policy on cyber security can be found here.
Order an immediate review of all U.S. cyber defenses and vulnerabilities, including critical infrastructure, by a Cyber Review Team of individuals from the military, law enforcement, and the private sector.
The Cyber Review Team will provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats, and will followed up regularly at various Federal agencies and departments.
The Cyber Review Team will establish detailed protocols and mandatory cyber awareness training for all government employees while remaining current on evolving methods of cyber attack.
Instruct the U.S. Department of Justice to create Joint Task Forces throughout the U.S. to coordinate Federal, State, and local law enforcement responses to cyber threats.
Order the Secretary of Defense and Chairman of the Joint Chiefs of Staff to provide recommendations for enhancing U.S. Cyber Command, with a focus on both offense and defense in the cyber domain.
Develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately.
The New York Times captured the following in an interview.
First off, we’re so obsolete in cyber. We’re the ones that sort of were very much involved with the creation, but we’re so obsolete, we just seem to be toyed with by so many different countries, already. And we don’t know who’s doing what. We don’t know who’s got the power, who’s got that capability, some people say it’s China, some people say it’s Russia. But certainly cyber has to be a, you know, certainly cyber has to be in our thought process, very strongly in our thought process. Inconceivable that, inconceivable the power of cyber.
Well, Trump, we do know that it’s in fact Russia and China, and many more cyber gangs across the globe if you are really following this issue. On the Apple FBI issue, Trump stated that we should boycott Apple until they cooperate with authorities by providing the encryption keys to help solve the San Bernardino mass shootings. Trump as a successful businessman seems to have a great instinct about