Light Dark
September 16, 2016 By Derek Brink 4 min read
Government

To read our overview of Republican candidate Donald Trump’s security platform, click here.

Of the 37 issues that define Secretary Hillary Clinton’s vision for America, cybersecurity does not make the list. However, she does delve into the subject of cybersecurity and the future of tech in her “Initiative on Technology and Innovation.”

Digging Into the Clinton Security Platform

Cybersecurity is not thoroughly discussed in the context of Clinton’s national security platform. And aside from a reference to “working with tech companies” to fight online propaganda, intercept communications and track social media posts, cybersecurity doesn’t play a major factor in Clinton’s focus on combating terrorism.

However, a few details on security-related issues can be found in the context of Secretary Clinton’s initiative, which features five high-level parts, each one of which impacts security:

  1. Invest in computer science and STEM education, support entrepreneurial ecosystems and build the human capital pipeline.
  2. Invest in digital infrastructure.
  3. Provide global leadership in technology and innovation.
  4. Establish rules that foster healthy competition, reduce barriers to entry and protect intellectual property while safeguarding privacy and security.
  5. Use technologies to make government smarter, more efficient and more responsive.

For complete details, read the full briefing on Clinton’s official campaign website. In the meantime, let’s take a closer look at the Clinton security platform.

General STEM Education Goals

Secretary Clinton wants to ensure that all public school students in America have access to rigorous computer science education. To meet this goal, she calls for training an additional 50,000 computer science teachers.

This kind of investment could actually be an excellent opportunity to embed better security into the design and development practices of America’s next generation of technology users and workers. Conversely, an investment of this level without consideration for security could inevitably lead to an amplification of the unintended consequences, such as an unmanageable stream of newly discovered vulnerabilities and exploits.

More Access, More Problems?

Clinton’s plan also calls for enabling access to high-speed broadband for all Americans and providing free public Wi-Fi in airports, train stations, mass transit systems and public buildings. More citizens connected means more citizens vulnerable to phishing, ransomware, identity theft and whatever bad things come along next. This can only mean more security problems, given the generally poor implementation of security fundamentals that already pervades the industry and the public.

Her plan does hint at the importance of things like helping citizens with enrollment and offering training in digital literacy. Still, it calls for these to be tacked on via “community-based programs,” as opposed to being an integral part of the strategic investment. It’s another excellent opportunity to improve the practices of future generations.

Global Leadership in Technology and Innovation

For the most part, Secretary Clinton’s policies in this area are consistent with those of the current and previous administrations:

  • Continue internet freedom as a foreign policy priority.
  • Support multistakeholder governance of the internet.
  • Pursue policies to protect U.S. trade secrets and intellectual property.
  • Resist calls from other governments for forced technology transfer or localization of data.
  • Continue efforts to stop cyber-enabled economic espionage.
  • Support responsible information-sharing between government and industry regarding cyberthreats.
  • Balance national privacy laws with the needs of commerce.
  • Modernize current mechanisms for cross-border sharing of data in response to legitimate law enforcement investigations.

The idea of standards-based, widely shared intelligence about threats and vulnerabilities has been a topic of high interest in the cybersecurity industry since around 2011. Industry thought leaders have proposed standard ways to define and communicate about indicators of compromise, event recording, incident sharing and so on.

As a way to redefine the balance of power between attackers and defenders in cybersecurity, the high-level vision behind sharing this kind of information is extremely encouraging. Given the time and resources these types of initiatives usually take to develop and mature, however, the public should remain realistic in our expectations. It will take trusted, consistent leadership from both sides to break down the barriers to truly useful, bidirectional information-sharing between government and industry.

Personal Privacy Versus Public Safety

Once again, Secretary Clinton’s policies in this area are substantially similar to those of current and previous administrations. She intends to challenge state and local governments with regard to regulations that protect legacy incumbents against new innovators; continue support for net neutrality; oppose policies that restrict the free flow of information online; enact targeted patent reforms to reward innovators; improve the capacity of the Patent and Trademark Office; and modernize the copyright system.

In addition, Clinton would appoint a chief innovation advisor to reduce federal regulatory barriers with respect to the development of new products and services.

The Clinton platform most directly affects cybersecurity with its intention to reject “personal privacy versus public safety as a false choice,” and support a national commission on the topic of digital security and encryption.

Modernizing Crucial IT: A Reasonable Start

Secretary Clinton calls for a government that is more efficient and more responsive to its citizens. This includes the redesign and digitization of the top 25 federal government services that directly serve citizens, streamlining procurement processes, eliminating other internal barriers to modernization and engaging citizens in government innovation.

Related: The Trump Security Platform: Maintaining the GOP Status Quo

It’s in this area that we find the most detail on the Clinton security platform, including calls to modernize federal IT, upgrade and improve governmentwide cybersecurity and accelerate adoption of cybersecurity best practices, such as the NIST Cybersecurity Framework and the DHS CDM program.

Given the sheer scale and scope of government infrastructure, it makes sense that Secretary Clinton also proposes the appointment of a federal CISO to ensure a coherent cybersecurity strategy across federal agencies. Ideally, a federal CISO would be in position not only to coordinate a coherent cybersecurity strategy across the sprawling federal government, but also to provide the leadership to ensure that security perspectives are considered upfront with respect to investments in the other four areas of training, infrastructure, policy and strategy.

 |  |  |  |  | 
Derek Brink
VP & Research Fellow, IT Security and IT GRC, Aberdeen Group

More from Government
October 17, 2023

Cyber experts applaud the new White House cybersecurity plan

4 min read - First, there was a strategy. Now, there’s a plan. The Biden Administration recently released its plan for implementing the highly anticipated national cybersecurity strategy published in March. The new National Cybersecurity Strategy Implementation Plan (NCSIP) lays out specific deadlines and responsibilities for the White House’s vision for cybersecurity. The plan is being managed by the White House’s Office of the National Cyber Director (ONCD). Cybersecurity experts have applauded the Administration’s plan as well as the new implementation calendar. For example,…

September 19, 2023

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…

September 18, 2023

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature