Jeb Bush is ready to take a hardline stance on cybersecurity the Obama administration has been unwilling to adopt, according to a new policy outline from the 2016 presidential hopeful, in which he describes the need to increase U.S. cyber defenses to expand the economy.
The former Florida governor outlined a five-point plan this week to prioritize cybersecurity — an issue that “gravely needs presidential leadership” to achieve the four percent growth in the economy Bush set down as a goal.
“We need to recognize the reality that today we are under cyberattack and we are not keeping up with the threat,” Bush wrote in a Medium post Monday. “We also need to identify clearly the mission for government and the private sector: to work together to ensure the security of the Internet.”
According to Symantec, small and medium-sized organizations were targeted in 60 percent of all known cyberattacks in 2014, and attacks against small and medium-sized businesses rose 26 percent and 30 percent. In the same year, five out of six large companies were targeted in spear-phishing campaigns — 40 percent more than in 2013.
FireEye reports even major hacks on the scale of Anthem, Sony, JPMorgan Chase, Home Depot, Target and the U.S. Office of Personnel Management — costing millions in theft and damages and compromising personal data on millions of people — go undiscovered for a median of 229 days. McKinsey & Company has found attacks cost the average company $3.5 million. The Ponemon Institute reported in 2014 that cybercrime costs the U.S. economy $3 trillion annually.
“The intrusion into the Office of Personnel Management (OPM) — the human resources department of the U.S. Government — illustrates the cultural failure of the Obama administration to take these threats seriously,” Bush said. “The OPM systems contain millions of personnel records — many of which included an intrusive and sensitive personnel questionnaire. OPM officials knew this data was valuable, sensitive, and vulnerable, but failed to take basic steps to protect it.”
Bush criticized Obama for “hiring political hacks or cronies for critical positions that involve cybersecurity” — in this case, former OPM Director Katherine Archuleta, a political appointee who served as a major fundraiser for the Obama campaign before being appointed to lead OPM.
In the weeks after the year-old hack was discovered, lawmakers in Congress, including House Oversight Committee Chairman Jason Chaffetz, accused Archuleta of being unqualified to direct OPM and ignoring glaring security vulnerabilities highlighted by the OPM inspector general for years in a row. Archuleta resigned in July after initially stating she would see the crisis through.
The younger Bush brother also highlighted the ongoing investigation surrounding fellow 2016 presidential candidate Hillary Clinton’s use of a private email server while serving as secretary of the State Department — the largest example of a growing trend of “convenience” in government work that puts information security at risk, according to cybersecurity firm Lookout.
“The president also cannot allow cabinet secretaries and senior officials to violate rules and procedures meant to protect classified and national security-related government communications,” Bush said. “It should not be too much to ask government officials to abide by the laws and rules in place to safeguard our national security.”
“Secretary Hillary Clinton’s growing email scandal highlights reckless behavior by officials entrusted with some of our nation’s most sensitive secrets.”
In regard to global actors behind many attacks, Bush reiterated the need called for by many in government to set down specific “rules of the road” for appropriate responses to cyber aggression to act as a deterrent to nations like China, Russia, North Korea and Iran. The Obama administration has, thus far, been reluctant to set down a firm policy or response. At present, such responses have been limited to economic sanctions.
“We must hold to account those who are stealing our nation’s intellectual capital,” Bush wrote. “Efforts to expose, prosecute, and in some cases retaliate against these actors will raise the cost of conducting such attacks and increase deterrence of future attacks.”
Bush said we should work with global allies to develop those rules of the road, but opposed the Obama administration’s plan to hand over the Internet Corporation for Assigned Names and Numbers — the company that manages the worldwide Internet domain name infrastructure under the Commerce Department — to the global community next year.
He also called on Americans to stop “demonizing” members of the intelligence community charged with protecting the U.S. from cyberattacks, like the FBI and National Security Agency. Bush has unwaveringly supported the signals intelligence agency since the leak of documents exposing mass surveillance programs by former NSA contractor Edward Snowden.
Bush endorsed in general terms many of the policies called for by agency Directors James Comey of the FBI and Adm. Mike Rogers of NSA, including a means to access private companies’ encrypted user communications, like those provided by Apple and Google, for law enforcement surveillance.
He also gave a thumbs up to the stalled Cybersecurity Information Sharing Act (CISA), which would legalize data sharing between private companies like Facebook and Twitter, law enforcement, and intelligence agencies.
Both of those issues have divided Congress on both sides of the aisle, including 2016 opponent Rand Paul, who opposes such policies as violations of the Fourth Amendment. Bush will join Paul on stage Wednesday for the second 2016 GOP primary debate to air on CNN, where the topic of cybersecurity will almost certainly come up.
In a final point, Bush emphasized the need to cut down federal regulatory red tape slowing down tech startups’ entry into the market, such as SEC regulations for raising capital, opening up avenues for skilled immigrants to migrate to the U.S. and cutting business taxes.
“[W]ithout a secure Internet, these types of initiatives may never reach their full potential,” Bush wrote. “Our country, starting with the president and federal government, must recognize the cybersecurity challenge and dedicate itself to conquering it.”