Clinton's Email Brouhaha and Politics
Coverage Focus Segues from Secrecy to Security
Word that Hillary Clinton maintained a personal email server at her Chappaqua, N.Y., home while serving as secretary of state has elevated cybersecurity and privacy as political issues. But it's just the latest example of such issues grabbing the attention of U.S. voters.
The initial coverage of Clinton's email use focused on whether she complied with federal and departmental rules on how officials and employees should conduct email communications. Questions were raised about whether Clinton was hiding information from the public, Congress and the media. But for security professionals, the first thing that came to mind was the lack of security in managing a privately run email server located in a suburban New York house. Even the White House raised the security facet of the Clinton email brouhaha to tout its own cybersecurity agenda.
At a March 4 briefing, White House Press Secretary Josh Earnest said he found the security aspect of Clinton's use of personal email for official business more engaging than whether she complied with official policies and law. "Your line of inquiry [about security] might actually be more interesting than some of the lines of inquiry [on compliance and secrecy] that we've had on this topic," Earnest said, in response to a reporter's question.
Linking Email Uproar to Security Agenda
The press secretary said the administration takes cybersecurity very seriously, as does the private sector. Never wanting to waste an opportunity to promote an administration policy, Earnest added, "And obviously the president has put forward legislation related to cybersecurity to try to not just strengthen the defenses of private sector email networks, or computer networks more generally, but also try to strengthen the defenses of the computer networks, including the email networks of the federal government."
Moments later, Earnest said, "So I guess the point is that we certainly are mindful of security online. Some people call it cyber hygiene. I think it's a strange term, but it's one that people try to be mindful of to ensure that we're doing everything we can to protect our cybersecurity. But this is something that doesn't just have an impact on the federal government. There are private sector institutions that are also grappling with this question as well."
"I want the public to see my email. I asked State to release them. They said they will review them for release as soon as possible." Hillary Clinton (@HillaryClinton), March 5, 2015
The administration is gung-ho on pushing its cybersecurity agenda, which includes cyberthreat information sharing and analysis and national requirements for data breach notification. The White House recognizes that cybersecurity and privacy are being politicized, which does not necessarily mean they are becoming a partisan issue, although partisan differences exist over defining liability protections for businesses sharing cyberthreat information and requiring businesses to strip personally identifiable information from cyberthreat data shared with the government (see Could Costs Impede Info-Sharing Plan?).
Clinton's use of personal email as secretary of state is one more piece of cybersecurity knowledge entering the voter's consciousness. Obviously, voters are becoming more aware of cybersecurity with the never-ending reports of mega-breaches striking well-known companies. In the past few weeks, hackers targeted Anthem, Uber and Lenovo. Add to that cyber-attacks against Sony, Target, Home Depot, JP Morgan Chase, the State Department and White House, to name a few, and cybersecurity has become a mainstay of the news cycle.
It's not only breaches that propel cybersecurity into the electorate's consciousness. Take, for instance, this past week's coverage of a Government Accountability Office audit of the Federal Aviation Administration. The audit, mild by the standards of government auditors, said air traffic systems could be at risk because of certain vulnerabilities. Regular readers of GAO and inspectors general audits know that nearly every report published identifies vulnerabilities in systems that could place IT at risk. And the headlines on most security-oriented news sites - including ours (GAO Sees FAA Air Traffic System at Risk) - reflect the reality of the audit. But the general media was more sensationalist in its coverage, such as CNN's headline that read: "Report: Air Traffic Control System Vulnerable to Cyberattack." Technically true, but as many CISOs and other security professionals point out, audits reflect compliance with controls and procedures and do not necessarily reflect the true security of systems.
Part of the Political Conversation
Still, the point here is that the news reports on the audit by the mainstream media raise public awareness of cybersecurity.
Because of news accounts on Clinton's email security, mega-breaches and the FAA audit, cybersecurity is becoming part of the nation's political conversation. But unlike the economy and national security, cybersecurity and its partner, online privacy, won't play a decisive role in deciding elections anytime soon.