Brett Ekberg is a research associate in the Digital and Cyberspace Policy Program at the Council on Foreign Relations.
There might be 435 days before Election Day, but the 2016 presidential campaign is well under way. With both the republican and democratic fields largely solidified, the twenty-two candidates have begun to lay out their policies and make their cases for why they should be commander-in-chief. While jobs and the economy have dominated the campaign, this election cycle could see cybersecurity play its largest role yet. Recent events like the hacks of Sony Pictures, Anthem and the Office of Personnel Management have brought the issue to public attention, and presidential hopefuls are being asked how their administrations would defend America’s interests in cyberspace.
The candidates generally agree that the next occupant of the Oval Office will spend an increasing amount of time working on cybersecurity, but no candidate has offered specific policy ideas. Here are a five predictions on how cybersecurity could play out on the campaign trail prior to election day:
1. The rhetoric against China will continue, and escalate
While we likely won’t see Lincoln Chafee demand that Xi Jinping tear down the Great Firewall, we should expect to see many of the candidates continue their anti-China rhetoric, particularly if future data breaches are linked to the country, confirmed or otherwise. Republicans blamed the president’s “weak” China policy for the recent OPM hack and were quick to demand that the administration respond. Among democratic candidates, Hillary Clinton has taken the toughest stance on China’s actions in cyberspace, accusing the Chinese of “trying to hack everything that doesn’t move in America.”
In a presidential election where republican voters have named national security their top concern, and where democrats may see speaking out against China as a way to counter GOP rhetoric that their party is weak on that issue, it would be a surprise to see a candidate soften his or her language prior to November 2016.
2. Privacy advocates won’t see the debate they’d like
Few of the leading candidates, democrat or republican, have made privacy concerns a central issue. Of the twenty-two declared candidates, only four—Rand Paul, Ted Cruz, Bernie Sanders and Lincoln Chafee—have embraced the privacy debate as part of their campaign, and none looks likely to be the nominee for either party.
On the right, Senator Paul’s poll numbers are slipping and he has struggled to fundraise. Ted Cruz is polling better, but is not as strongly opposed to government surveillance programs. Jeb Bush, Marco Rubio and other leading republicans generally support the NSA and its programs.
On the left, Lincoln Chafee, according to some polls, has zero support. Bernie Sanders, who is polling much better, has said he supports “dismantling” NSA programs, but has not elevated privacy as a central issue. Mrs. Clinton endorsed USA Freedom in May, but hasn’t taken an explicit position on what she views as the proper balance between surveillance and security.
With the leading privacy advocates struggling to make headway, privacy issues will likely take a backseat through 2016.
3. Candidates will back stronger offensive cyber measures
Most of the talk on the campaign trail so far has been about defense. Candidates have stressed the need to improve the country’s ability to secure critical networks and defend corporations from cyberattacks, but there has been only limited discussion of offensive capabilities.
The Obama administration’s recent decision that “it must retaliate” against the perpetrator of the recent OPM hack looks set to change that. With the idea of deploying offensive capabilities gaining traction in Washington, it is likely only a matter of time before it reaches the campaign trail. The broadness of the issue and the range of offensive responses will allow for some space between positions, making it an issue where candidates can potentially differentiate themselves from their opponents. Backing offensive cyber measures should also appeal to voters: a recent poll by Vormetric, a data security firm, found that ninety-two percent of Americans believe “action against a nation-state is necessary following a data breach.”
4. Hackers will target campaign websites
Beyond crafting cybersecurity policy, candidates should focus on the security of their campaign operations as well. During the 2008 election, both the Obama and McCain campaigns were hacked by the Chinese government. Republican vice presidential candidate Sarah Palin had her email broken into that year as well. China reportedly targeted presidential candidates again in 2012, hacking both the Obama and Romney camps.
While the 2008 and 2012 attacks targeted campaign computers and databases, in 2016 the candidate’s donation pages could also be targeted. With campaign websites now being “used more as tools to raise money,” often via credit card, they make for potentially lucrative targets.
5. Cyber becomes a stand-alone issue
In a 2013 Washington Post article, Dominic Basulto asked, “When will cybersecurity become a major campaign issue?” The answer could be 2016. Cybersecurity is often thought of as a part of defense policy or of intelligence policy, and that’s still more-or-less where it fits now. But with the number of hacks likely to increase, and sectors like health insurance, airlines and cars becoming targets, cybersecurity could make the jump into the 2016 mainstream. It will never top the economy in an issue poll, but as our interconnectedness and exposure increase in tandem, voters would be right to expect their presidential candidates to defend against, and respond to, their cybersecurity concerns.