The cyber-battle between Mike Pence and Tim Kaine is pretty lopsided.
Aside from sound bites on Russia and hacking, where Clinton and Trump stand on cybersecurity issues is generally unclear. In fact, they’ve devoted little time to this crucial and urgent subject. Which is weird in light of the epic amount of hacking shenanigans this presidential race has compelled us to endure.
When it comes to cybersecurity, neither Clinton nor Trump has a position, a statement, a plan or a section in their “Issues” sections of their campaign websites. Only Clinton’s website mentions it — in passing: once on China’s accountability to the U.S., and then again in a little line stating she will work to promote “cybersecurity at home and abroad.”
You’d think either one of them would have something substantial on a topic that’s simultaneously consuming the nation and making them both look foolish. But apparently, that’s where their VPs are supposed to come in and take up the very troubling amount of cybersecurity neglect we’re witnessing.
Which, as you’ll see, is pretty lopsided.
Mike Pence’s cyberrecord
As Indiana’s governor, Pence established a reputation for seeing cybersecurity through a business-focused lens and for emphasizing law enforcement’s need for greater resources to fight hacking. During his run as governor, he also pushed for tax breaks to draw in more infosec jobs into the state.
In April, Pence announced the formation of a public-private partnership initiative called the Indiana State Executive Council on Cybersecurity. It was framed as “a comprehensive public-private partnership charged with enhancing Indiana’s ability to prevent, respond to and recover from all types of cybersecurity issues, including attacks.”
Those partners include organizations you’d expect, like the Indiana DHS and private partners such as government cyber-darling consultant FireEye/Mandiant, which has well-documented troubles producing results and maintaining its stock price. Other private partners include Indiana University, Purdue University and RSA.
The Cybersecurity Council’s site for Indiana citizens is riddled with bizarre advice, like “see if your information will be protected” before using public WiFi and contact the Indiana State Police if you get hit with ransomware. It also has embarrassing problems like unfinished sentences and words placed senselessly in the middle of sentences, showing that no one really cared to read or finish the help guide.
Perhaps that’s because the Council’s command center is only open “from about 8-5” … and maybe when it’s time to clock out, proofreading and readability becomes someone else’s job. As things go, Pence’s whole initiative reads like an unfinished joke.
Tim Kaine’s cyberrecord
When Kaine was announced as Clinton’s pick for VP, Trump said that Kaine was a terrible governor … for New Jersey. Kaine, the former governor of Virginia, took it in stride admitting that, yes, he was definitely a no-show governor for the Garden State. But he was all business on Trump’s remarks encouraging Russia to hack Clinton, telling press “cybersecurity is no laughing matter.”
Kaine has done more work on and given more thought to cybersecurity and digital issues in general than Pence, Trump and Clinton combined. As a senator, Kaine voted in favor of the controversial Cybersecurity Information Sharing Act of 2015 (CISA). As you may remember, CISA was panned for worsening America’s digital-surveillance problems, as well as for leaving out critical privacy protections. Its critics were surprised and furious when it was snuck through inside a budget bill.
Being a victim of the OPM hack motivated him to go deep into cybersecurity policy. Kaine partnered with Sen. Mark Warner (D-Va.) to introduce legislation giving OPM hack victims identity-theft protections.
The OPM hack is something he mentions frequently, like in his May keynote at the Center for Strategic and International Studies’ event, “Cybersecurity After Information Sharing.” In it, he outlined the primary issues he’s tackling in the Senate Budget Committee: “cyber doctrine; the debate over the security-privacy balance; and then third, cyber security investment.”
Kaine wants to see more money spent on cybersecurity, specifically in hiring and policy, calling the 2017 budget “make or break” for cyber. He shares Pence’s affection for FireEye and speaks highly of his discussions with the beleaguered company about cyber-modernization of various departments.
On Snowden, Kaine believes what he did was illegal but won’t throw labels like “traitor” around until the government can prove it. When the encryption debate went mainstream during the Apple vs FBI controversy, he carved out a middle ground. He voiced opposition to legislation that would mandate backdoors, yet seeks a solution for law enforcement and, like Clinton, he backed the creation of an encryption commission. Hopefully he’ll take into account the lack of fact-checking found in the first report.
The Internet Security Alliance praised Clinton’s pick of Kaine. Larry Clinton, president of the ISA, said, “Perhaps more importantly, in speeches and hearings, Sen. Kaine is on record as saying that the next administration needs to act with greater urgency and frankly invest more on cybersecurity.”
Elaborating further, he said Kaine “has articulated, as we have at ISA, that the digital age fundamentally changed our world and we need to address this challenge much more aggressively and creatively.”
Considering Clinton’s barely-there grasp of all things cyber and hacking, like Trump, she would be leaning heavily on her VP for guidance on these pressing issues. Unlike many of his colleagues, Kaine understands just how urgent and important cybersecurity is right now.
And for a presidential race that feels more acrimonious and negative by the day, this is a bit of good news … for once.