September 16, 2016 By Derek Brink 4 min read

To read our overview of Republican candidate Donald Trump’s security platform, click here.

Of the 37 issues that define Secretary Hillary Clinton’s vision for America, cybersecurity does not make the list. However, she does delve into the subject of cybersecurity and the future of tech in her “Initiative on Technology and Innovation.”

Digging Into the Clinton Security Platform

Cybersecurity is not thoroughly discussed in the context of Clinton’s national security platform. And aside from a reference to “working with tech companies” to fight online propaganda, intercept communications and track social media posts, cybersecurity doesn’t play a major factor in Clinton’s focus on combating terrorism.

However, a few details on security-related issues can be found in the context of Secretary Clinton’s initiative, which features five high-level parts, each one of which impacts security:

  1. Invest in computer science and STEM education, support entrepreneurial ecosystems and build the human capital pipeline.
  2. Invest in digital infrastructure.
  3. Provide global leadership in technology and innovation.
  4. Establish rules that foster healthy competition, reduce barriers to entry and protect intellectual property while safeguarding privacy and security.
  5. Use technologies to make government smarter, more efficient and more responsive.

For complete details, read the full briefing on Clinton’s official campaign website. In the meantime, let’s take a closer look at the Clinton security platform.

General STEM Education Goals

Secretary Clinton wants to ensure that all public school students in America have access to rigorous computer science education. To meet this goal, she calls for training an additional 50,000 computer science teachers.

This kind of investment could actually be an excellent opportunity to embed better security into the design and development practices of America’s next generation of technology users and workers. Conversely, an investment of this level without consideration for security could inevitably lead to an amplification of the unintended consequences, such as an unmanageable stream of newly discovered vulnerabilities and exploits.

More Access, More Problems?

Clinton’s plan also calls for enabling access to high-speed broadband for all Americans and providing free public Wi-Fi in airports, train stations, mass transit systems and public buildings. More citizens connected means more citizens vulnerable to phishing, ransomware, identity theft and whatever bad things come along next. This can only mean more security problems, given the generally poor implementation of security fundamentals that already pervades the industry and the public.

Her plan does hint at the importance of things like helping citizens with enrollment and offering training in digital literacy. Still, it calls for these to be tacked on via “community-based programs,” as opposed to being an integral part of the strategic investment. It’s another excellent opportunity to improve the practices of future generations.

Global Leadership in Technology and Innovation

For the most part, Secretary Clinton’s policies in this area are consistent with those of the current and previous administrations:

  • Continue internet freedom as a foreign policy priority.
  • Support multistakeholder governance of the internet.
  • Pursue policies to protect U.S. trade secrets and intellectual property.
  • Resist calls from other governments for forced technology transfer or localization of data.
  • Continue efforts to stop cyber-enabled economic espionage.
  • Support responsible information-sharing between government and industry regarding cyberthreats.
  • Balance national privacy laws with the needs of commerce.
  • Modernize current mechanisms for cross-border sharing of data in response to legitimate law enforcement investigations.

The idea of standards-based, widely shared intelligence about threats and vulnerabilities has been a topic of high interest in the cybersecurity industry since around 2011. Industry thought leaders have proposed standard ways to define and communicate about indicators of compromise, event recording, incident sharing and so on.

As a way to redefine the balance of power between attackers and defenders in cybersecurity, the high-level vision behind sharing this kind of information is extremely encouraging. Given the time and resources these types of initiatives usually take to develop and mature, however, the public should remain realistic in our expectations. It will take trusted, consistent leadership from both sides to break down the barriers to truly useful, bidirectional information-sharing between government and industry.

Personal Privacy Versus Public Safety

Once again, Secretary Clinton’s policies in this area are substantially similar to those of current and previous administrations. She intends to challenge state and local governments with regard to regulations that protect legacy incumbents against new innovators; continue support for net neutrality; oppose policies that restrict the free flow of information online; enact targeted patent reforms to reward innovators; improve the capacity of the Patent and Trademark Office; and modernize the copyright system.

In addition, Clinton would appoint a chief innovation advisor to reduce federal regulatory barriers with respect to the development of new products and services.

The Clinton platform most directly affects cybersecurity with its intention to reject “personal privacy versus public safety as a false choice,” and support a national commission on the topic of digital security and encryption.

Modernizing Crucial IT: A Reasonable Start

Secretary Clinton calls for a government that is more efficient and more responsive to its citizens. This includes the redesign and digitization of the top 25 federal government services that directly serve citizens, streamlining procurement processes, eliminating other internal barriers to modernization and engaging citizens in government innovation.

It’s in this area that we find the most detail on the Clinton security platform, including calls to modernize federal IT, upgrade and improve governmentwide cybersecurity and accelerate adoption of cybersecurity best practices, such as the NIST Cybersecurity Framework and the DHS CDM program.

Given the sheer scale and scope of government infrastructure, it makes sense that Secretary Clinton also proposes the appointment of a federal CISO to ensure a coherent cybersecurity strategy across federal agencies. Ideally, a federal CISO would be in position not only to coordinate a coherent cybersecurity strategy across the sprawling federal government, but also to provide the leadership to ensure that security perspectives are considered upfront with respect to investments in the other four areas of training, infrastructure, policy and strategy.

More from Government

CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM

3 min read - In 2022, the Cyber Incident for Reporting Critical Infrastructure Act (CIRCIA) went into effect. According to Secretary of Homeland Security Alejandro N. Mayorkas, "CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors."While the law itself is on the books, the reporting requirements for covered entities won't come into force until CISA completes its rulemaking process. As part of…

Important details about CIRCIA ransomware reporting

4 min read - In March 2022, the Biden Administration signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This landmark legislation tasks the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments.The CIRCIA incident reports are meant to enable CISA to:Rapidly deploy resources and render assistance to victims suffering attacksAnalyze incoming reporting across sectors to spot trendsQuickly share information with network defenders to warn other…

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today