Last year was a big one for hacks. Health insurer Anthem, the Office of Personnel Management, credit data broker Experian, and infidelity website Ashley Madison all suffered data breaches that left millions of Americans’ personal information compromised.
While these and other data breaches received big press, cybersecurity has so far only played a bit-part role in the 2016 presidential race. Candidates have spoken about the importance of strengthening American cybersecurity, but not many have put forward plans articulating exactly how to do that.
On Tuesday, retired neurosurgeon and Republican candidate Ben Carson released a detailed plan about bolstering the U.S. government’s cybersecurity systems.
The content of Carson’s plan is less notable than his decision to draft one in the first place. He is only the second 2016 presidential candidate to release a paper detailing a cybersecurity plan. Jeb Bush published his plan in September. Two other GOP candidates, Republicans Sen. Marco Rubio (Fla.) and former Hewlett-Packard CEO Carly Fiorina, have briefly mentioned cybersecurity on their websites, in the forms of bullet points and a video, respectively.
Among Democratic candidates, Hillary Clinton talks about strengthening cybersecurity through cooperation between private and public sectors, although her website doesn’t go into much detail. Sen. Bernie Sanders (I-Vt.) hasn’t articulated a plan, but he opposed a cybersecurity bill that became law in December. Martin O’Malley offered his plan in an op-ed published in Foreign Policy last year. O’Malley, like others, favors coordination between companies and federal agencies.
Morning Consult polling data, compiled over the past three months, suggests voters might not be paying much attention to these plans anyway. Many still aren’t convinced hackers are a genuine threat to them.
Between Oct. 22 and Jan. 17, Morning Consult asked 9,995 registered voters whether they think it’s likely they or their family would be directly affected by a cyber-attack in the coming year.
Respondents were divided. About half (48 percent) said it was likely that they would be affected by a cyber-attack. Just over one-third (37 percent) said they weren’t likely to be impacted, and 15 percent said they didn’t know or didn’t care.
Even those who think they could be affected may not be that worried about it. Only 13 percent of voters said it was “very likely” they or their families would be victims of a data breach. About one third (35 percent) said it was “somewhat likely.”
What’s more, Morning Consult polling since October shows that more Americans cite the economy as their top concern (34 percent) than those who choose national security (25 percent).
Carson’s plan is among the most detailed of all the presidential candidates. He suggests creating a federal agency, which would be called the National Cyber Security Administration, to facilitate this improvement. The new agency would consolidate “the countless and often redundant programs, initiatives and offices which operate disjointedly throughout the government,” to create a more streamlined approach to strengthening U.S. cyber defenses.
Carson doesn’t specify which programs, initiatives, or offices would be consolidated. If his proposal were to be implemented, it could encompass a wide range of agencies that tend to be territorial about their jurisdiction — namely the Defense Department, the Central Intelligence Agency, the Federal Bureau of Investigation, the Justice Department and the Department of Homeland Security.
Fiorina similarly calls for a centralized command agency that would be responsible solely for cybersecurity. As the former head of a major tech company, she also wants the private sector to play a big role in improving the country’s cyber defenses.
Jeb Bush’s five-part plan focuses on improving agencies’ resources. He called for the U.S. to stop “demonizing” the National Security Agency and Cyber Command and instead “start giving them the tools they need.” His platform includes improved coordination between private companies and the government, increasing U.S. cybersecurity capabilities, and “removing barriers to innovation” for the tech industry.
Rubio’s plan is less fleshed out. He wants to encourage information-sharing between the private sector and the government to help coordinate responses to cyber threats.
Rubio, Fiorina, Bush and Clinton’s cybersecurity ideas are similar to legislation that became law in December, the Cybersecurity Information Sharing Act. The statute gives private companies liability protections when sharing data with federal agencies. The bill passed the Senate overwhelmingly 74-21. in late October. (Interestingly, Rubio didn’t vote that day).