Incident Response, TDR, Vulnerability Management

2016 candidates rated on cyber policies

A duo of security executives assessed the cybersecurity and data privacy plans proposed by the 2016 Presidential candidates.

IDT911 Chief Privacy Officer Eduard Goodman and Chief Information Security Officer Brian Huntley rated the candidates' policies based on 14 key indicators of cybersecurity stances, including their views on the Cybersecurity Act of 2015, China's role in the OPM breach, encryption policy, renewal of the NSA metadata program, and Edward Snowden's revelations of NSA policies.

As industry pros who have suffered through the candidates' cybersecurity comments may have guessed, there were few winners in this assessment. Of the six candidates rated, the highest rating was awarded to Marco Rubio, who received a “B-” grade from one of the judges, but even that rating was tempered by “D+” grade from the other judge. All of the other candidates received unsatisfactory assessments, at “C+” or lower.

The ratings did not reflect external cyber indicators, such as Clinton's email controversy, alleged misuse of voter data by Sanders' former national data director, or attacks against Donald Trump's campaign website and hotel chain.

“I struggled with that,” said Huntly, in discussing the choice to exclude outside factors. The goal was to “isolate personal biases” on polarizing issues, he said, speaking SCMagazine.com.

Political leadership on cybersecurity progress is much needed, but apparently in short supply. A report published last September found that nearly three-quarters of the presidential candidates running at the time did not meet sufficient standards on privacy, security and consumer protections of voter information obtained through campaign websites. All of the remaining candidates – Hillary Clinton, Bernie Sanders, Marco Rubio, Donald Trump, Ted Cruz, and John Kasich – received failed grades in that report.

During the 2008 campaign, the election websites of Barack Obama and John McCain were both attacked, as was George W. Bush's website in 2004. These situations “influence the candidates' approach to security,” said former White House Special Assistant to the President for Cybersecurity Ari Schwartz, in speaking with SCMagazine.com. “However, it doesn't seem to influence how candidates build websites or how they secure information.”

“I would be worried about attackers in my system, not yet taking intrusive action,” former U.S. Senator and DLA Piper partner Saxby Chambliss told SCMagazine.com. “The worst thing that could happen is that some disclosure is made in late 2016 that impacts the campaigns.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.