Cyber Security

Clinton And Trump’s Actual Cybersecurity Policies

How would the candidates fight government hackers, or one 'sitting on their bed that weighs 400 pounds'?

Cyber Security
Photo Illustration: Diana Quach
Sep 27, 2016 at 6:07 PM ET

To some extent, it’s understandable that Hillary Clinton had little to say about cybersecurity in the first head-to-head presidential debate, and that Donald Trump had significantly less. The topic is hard to plan for and hard to share with a general audience. “Cyber” as a standalone word is extremely vague, and can be used to refer to an individual’s cybersecurity, or a network’s, or government-sponsored hackers, or defense against such attacks. Trump even referred to “the cyber,” a phrasing he’s used before, which lexicographer Kory Stamper told ThinkProgress “makes him sound like a very old person who is not especially familiar with” the topic.

The topic was perhaps best summed up by this exchange, in which moderator Lester Holt asked Trump who is to blame for cyberattacks on American institutions:

So we have to get very, very tough on cyber and cyber warfare. It is — it is a huge problem. I have a son. He’s 10 years old. He has computers. He is so good with these computers, it’s unbelievable. The security aspect of cyber is very, very tough. And maybe it’s hardly doable.

But I will say, we are not doing the job we should be doing. But that’s true throughout our whole governmental society. We have so many things that we have to do better, Lester, and certainly cyber is one of them.

Clinton’s few comments at least reflected one thing U.S. intelligence officials think: That the Democratic National Committee had been hacked by Russian government groups:

Increasingly, we are seeing cyber attacks coming from states, organs of states. The most recent and troubling of these has been Russia […] [Russian President Vladimir Putin] let loose cyber attackers to hack into government files, to hack into personal files, hack into the Democratic National Committee.

Attack patterns indicate that the DNC, as well as the Democratic Congressional Campaign Committee, and now some Democratic staffers’ cell phones, were all hit by suspected Russian attackers. The private sector tends to agree with that sentiment, and U.S. intelligence officials definitely do. According to the Washington Post, the Director of National Intelligence, James Clapper, recently launched a campaign to better understand Russia’s influence in our elections.  

Clinton’s website, at least, has a paragraph about how she would “promote cyber-security at home and abroad.” While it’s written generally, it hits a lot of notes. She supports the cybersecurity framework created in 2014 by the federal National Institute of Standards and Technology, a voluntary set of standards that organizations can use to consider themselves relatively safe from cyberattacks. She supports the idea of the federal government drastically upgrading its own network security and infrastructure: As evidenced by the massive hack on the U.S. Office of Personnel Management, leaking the files of tens of millions of federal employees, hacks on the federal government can be disastrous.

And she also supports “responsible information sharing on cyber threats,” meaning a way to streamline how much an American company that’s being hacked can give government agencies like the FBI access to their networks to help. That’s a concept that privacy groups have largely opposed and law enforcement has pushed for, and her stance doesn’t elaborate on how to strike a balance between how much of a company’s information can be shared with the government.

Trump, on the other hand, offered little that made sense in the debate. At one point, contrary to what U.S. officials think — and Trump has been getting regular intelligence briefings — he said that there’s no way to tell if the DNC hacks have been from Russia, other countries, or the work of an extremely stereotypical rogue hacker.

I don’t think anybody knows it was Russia that broke into the DNC. She’s saying Russia, Russia, Russia, but I don’t — maybe it was. I mean, it could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, OK?

Trump doesn’t have a formal tech policy on his site, and neither his nor Clinton’s campaign responded to Vocativ’s request for clarification on this story or several previous ones. He has at least given hints of opinions on tech since he started campaigning: He opposes net neutrality, has advocated for technically impossible kinds of internet censorship to stop ISIS, and he opposes American tech companies like Apple allowing users to communicate with end-to-end encryption. But he doesn’t appear to have any actual cybersecurity policy.