VP Candidates Butt Heads on Cybersecurity at Debate

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

Oct. 5 — Sen. Tim Kaine (D-Va.) and Gov. Mike Pence (R-Ind.) butted heads on cybersecurity for national security and immigration enforcement during the 2016 U.S. vice presidential debate.

Given the increasing frequency of cybersecurity attacks, such as the hacking of at least 500 million Yahoo! Inc. accounts (15 PVLR 1881, 9/26/16), cybersecurity will be an important issue that the next administration must address. Although Kaine and Pence's cybersecurity platforms may lack in detail, their cybersecurity-related records in their home states may provide insight into their priorities and policy stances on the issue.

Privacy and security professionals previously told Bloomberg BNA that cybersecurity likely won't be the centerpiece of presidential campaigns, but the topic underlies many of the issues that the candidates will discuss until the Nov. 8 election, including national and economic security (15 PVLR 1476, 7/18/16).

During the first presidential debate, nominees Hillary Clinton (D) and Donald J. Trump (R) similarly framed their cybersecurity platforms around national security threats, discussing the biggest threats to U.S. information technology infrastructure and whether a specific country—Russia, China and Iran—is responsible for state-sponsored hacking attacks (15 PVLR 1941, 10/3/16).

Kaine and Pence paralleled their running mates' focus on the need to battle cybersecurity threats as a national security issue, but focused on the need for private sector cooperation in the effort—something both have been exposed to at the state level.

Intelligence Surge

During the vice presidential nominees' discussion of vetting refugees and immigration enforcement, moderator Elaine Quijano asked how an “intelligence surge” would help tackle terrorist threats. She was referring to Clinton's suggestions for an intelligence surge, following the July terrorist attacks in Nice, France.

According to Kaine, an intelligence surge requires expanding the government's capacities by “striking great partnerships” with cybersecurity and intelligence professionals in the private sector and “creating stronger alliances” to foster intelligence sharing.

Pence offered similar views, noting that consolidation of resources is necessary to fight cybersecurity threats.

“We have got to bring together the best resources of this country to understand that cyber warfare is the new warfare of the asymmetrical enemies that we face in this country,” Pence said.

Without specifically referring to the program, both vice presidential candidates echoed President Barack Obama's cybersecurity information sharing initiative, the Cybersecurity Information Sharing Act (CISA), which was passed as part of a consolidated spending package in 2015 (15 PVLR 376, 2/22/16). CISA provides protections to companies who share a cybersecurity “threat indicator or defensive measure” with the government. Under CISA, private entities that “promptly” share their data with the government are granted immunity from any public or private cause of action (15 PVLR 1273, 6/20/16).

The Indiana governor mentioned Clinton's use of unsecured e-mail servers during her tenure as the secretary of state. “We could put cybersecurity first if we just make sure the next secretary of state doesn't have a private server,” Pence said.

virgindiana
Virginia Is for Cybersecurity Lovers

Kaine's call for increased partnerships with the private sector reflects his experiences in Virginia's state government. Kaine has held a variety of positions in Virginia—including governor, mayor and city council representative—and brings years of experience interacting with the state's robust technology and cybersecurity industries.

Kaine has a “long record working on cybersecurity as many key federal agencies that focus on cyber policy are housed in Virginia,” a Kaine campaign representative told Bloomberg BNA.

According to a recent study by the Computing Technology Industry Association (CompTIA), there are 284,681 people in Virginia employed in the tech industry sector, making it the state with the sixth largest tech industry in the U.S.

The CompTIA study defined “technology industry” to include companies that produce technology products and services but not companies that utilize technology products and services. The study also found that 9.5 percent of Virginia's workforce was in the tech industry, putting it in second place to Massachusetts at 9.8 percent in the concentration of tech workers among U.S. states.

To ensure a coherent strategy across federal agencies, a Clinton-Kaine administration would build on the Obama Administration’s Cybersecurity National Action Plan (15 PVLR 317, 2/15/16), “especially the empowerment of a federal Chief Information Security Officer, the modernization of federal IT, and upgrades to government-wide cybersecurity,” the Kaine campaign representative said. The administration also would support efforts to strengthen cybersecurity, “both for government networks and for the private sector,” the campaign representative said.

Tech Industry Growth in Indiana

Pence hails from a state with smaller tech and cybersecurity industry than Virginia—in the CompTIA study, Indiana was ranked as the state with the 23rd largest tech industry in the U.S., employing 82,196 Indianans.

However, as the governor of Indiana, Pence has prioritized capitalizing on the apparent growth in the tech, information technology and cybersecurity industries in the state.

In April, Pence announced the creation of the Indiana State Executive Council on Cybersecurity—a public-private partnership in charge of enhancing the state's ability to address cybersecurity threats and issues. Pence said that the council will “bring together state government, federal agencies and the private sector to enhance cybersecurity statewide.”

Through an executive order pertaining to the Cybersecurity Council, Pence has required all agencies in his administration to “cooperate in cybersecurity planning, response, mitigation and recovery,” Kara Brooks, spokeswoman for the Office of Governor Pence, told Bloomberg BNA.

The creation of the cybersecurity council follows a 2015 public-private partnership called the Indiana Sharing and Analysis Center. According to the state website, the partnership was “the nation's first government academic and private collaborative cybersecurity effort with the goal of statewide information sharing.”

To contact the reporter on this story: Jimmy H. Koo in Washington at jkoo@bna.com

To contact the editors responsible for this story: Donald G. Aplin at daplin@bna.com ; Daniel R. Stoller at dstoller@bna.com

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.