The relationship between security professionals and the government has been tenuous, at best, since its inception. Issues like the NSA’s widespread data collection, numerous hacks like OPM, and research hampering legislation have made cooperation between the two parties a challenging prospect. And yet, cooperation is more important than ever to fight off advanced attacks from around the world.
The upcoming 2016 election is a chance to start a new chapter in this rocky partnership — one perhaps based on the understanding that security professionals and the government must work together to ensure that security is a priority for the nation. But what do our leading candidates have to offer thus far? With only one year left before America decides, it’s time to take a closer look at what is being said about the state of security.
According to Tripwire CTO Dwayne Melancon, “there is a big difference between a candidate who has a cybersecurity policy and a candidate who has an understanding of cybersecurity.” A survey the company conducted at Blackhat USA revealed that 55 percent of infosec professionals believe that security will be a key issue in the 2016 election. Melancon went on to comment, “it will be important for any candidate to not only articulate their concern for cybersecurity but to also share a concrete plan for how they will incorporate the expertise of respected experts who can help craft practical, effective, and sustainable cybersecurity policies.”
To get a sense of the field’s understanding of the security issue, we visited the sites of the top five candidates from the Democrat and Republican parties, as well as independents John McAfee and Jill Stein. After the first Republican debate in August, Wired magazine declared that “no matter where the candidates stood, one thing was clear: cyber security is the new national security.” However, the results of a brief inspection of each candidate’s official campaign website revealed that cyber security has yet to break into the mainstream as a major platform issue.
Out of 12 major campaign sites, only four referenced the issue of cybersecurity — and one of those four mentioned it in just one sentence. Three candidates addressed security with a dedicated bullet in their campaign issues section, but only one candidate offered a dedicated security platform in the form of an op-ed for foreignpolicy.com.
More troubling than the lack of mention, however, was the fact that security was often simply rolled into answers on how to deal with foreign powers like China and Russia — pigeonholing the topic into the foreign policy arena. However, as many infosec pros know, there is much more at stake, including domestic legislation regarding vulnerability disclosure, privacy, and other issues directly related to security, and the industry that has grown up around it.
Martin O’Malley wrote that “our digital information and networks are critical to our economic might and national security. We should treat them like the precious resources that they are.” Hopefully, with the election rapidly approaching, we’ll see every candidate make concrete strides towards addressing voter concerns and making cooperation between the security industry and government a reality.