If elected in November, Republican presidential nominee Donald Trump in his cybersecurity agenda released today vowed to “crush” cyber criminals and ensure the U.S. government’s “unquestioned” digital dominance.
The agenda promises to bolster both the government’s cyber defenses and its offensive capabilities, building forces with the “unquestioned capacity to launch crippling cyber counterattacks” against foreign government or nonstate terror actors.
“This is the warfare of the future, America’s dominance in this arena must be unquestioned,” Trump said in the prepared remarks.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
In the plan, Trump erroneously states “hackers were able to obtain at least 20 million identities of people who underwent FBI background investigations. The information hacked contains facts discovered by the FBI in doing background checks for people seeking positions with the federal government. It is a treasure trove which can be easily used for blackmail."
The FBI does not conduct the background investigations; instead, Trump was likely referring to the Office of Personnel Management and its contractors, which carried out those investigations.
Nonetheless, as a result of the hack, sensitive clearance records of federal employees and contractors will now be stored on Pentagon systems.
Otherwise, in many ways, Trump’s plan to dominate cybersecurity is similar to actions undertaken by the Obama administration following a series of headline-inducing hacks, including the aforementioned OPM breach that exposed the personal information of millions of security clearance holders.
Trump says one of his first actions will be to conduct a thorough review of “our cyber defenses and weaknesses, including all vital infrastructure," which sounds similar to Barack Obama’s Cybersecurity National Action Plan issued in February. CNAP includes hiring a federal chief information security officer and a pot of money dedicated to modernizing agency IT and cybersecurity postures.
To accomplish this, Trump would create a “team of the best military, civilian and private sector cybersecurity experts to comprehensively review all of our cybersecurity systems and technology,” who, in addition to reviewing all systems across all federal agencies, would seek out and investigate “suspected hackers or rogue employees.”
As part of CNAP, Obama created the Commission on Enhancing National Cybersecurity featuring business, technology and academic leaders, and the former head of the National Security Agency and U.S. Cyber Command, but it doesn’t have a specific military component.
Trump compares today’s hackers to the mafia gangsters of yesteryear and called for joint federal efforts to fight them.
"We can learn from this history that when the Department of Justice, the FBI, the DEA and state and local police and prosecutors were combined in task forces directed at the mafia, they were able to have great success in prosecuting them, seizing their business interests and removing their infiltration from legitimate areas of society," he said.
In late July, Obama released Presidential Policy Directive 41 that established a cyber response chain of command putting the Justice Department in charge of investigating threats and the Homeland Security Department providing technical support.
Trump lists several “recent hacks” companies acknowledged in 2014: 73 million emails stolen from JPMorgan Chase, 50 million passwords pilfered from eBay, and 40 million credit card numbers taken from Target. The JPMorgan Chase hack upped its numbers to 76 million households and 7 million small businesses affected. There's no mention of the much larger, more recent Yahoo hack of 500 million user accounts, the Democratic National Committee hack or any of the summer’s other mega-cyberattacks.
Trump’s focus on building the nation’s offensive cyber capabilities implies the U.S. lacks existing capabilities in this realm. Government and military officials generally shy away from talking about the country’s offensive cyber capabilities, but in April leaders acknowledged U.S. Cyber Command brought its cyber weapons to the fight against the Islamic State. As far back as 2011, the U.S. government carried out several hundred offensive cyber operations.
Neither Trump’s cyber agenda nor Democratic presidential nominee Hillary Clinton’s cyber plan provide enough meat to seriously compare. Both call for increased investment in cybersecurity, mirroring actions Obama took this year and proposing $5 billion in additional cyber funding for fiscal 2017.