Jeb Bush Campaign Press Release - Strengthening Cybersecurity

The Internet has transformed everyday life for people, revolutionizing communications and how Americans interact with each other and the world. The Internet's impact on economic growth has likewise been profound. U.S. manufacturers reported e-commerce shipments were $3.3 trillion in 2013. According to one report, from 2004 to 2009, the Internet accounted for 15% of GDP growth.

Yet, for all of the Internet's transformational power, its future rests in part on one critical factor—cybersecurity. If people have no confidence their information will remain safe online, they will—quite simply—be less willing to use the Internet, thereby jeopardizing future growth possibilities.

…for all of the Internet's transformational power, its future rests in part on one critical factor—cybersecurity.

Unfortunately, a series of high-profile cybersecurity failures and the Obama administration's feeble response to the growing threat have demonstrated real vulnerabilities in government and private systems, eroding public confidence in both the government and even the Internet itself. In June, I published some thoughts on cybersecurity, and at many town halls across the country I hear concerns from Americans about this threat.

This is an issue that gravely needs presidential leadership. Ultimately, we need Internet security, and a strong tech industry that can be leveraged to the public's benefit, in order to achieve high, sustained economic growth that will benefit everyone. Let's not mince words: in order to achieve 4% growth and the 19 million jobs that come with it, we need a vibrant and secure Internet. Here is my plan to achieve that, starting with tackling the cybersecurity challenge.

1. Place a Command Focus on Cybersecurity.

We need to recognize the reality that today we are under cyberattack and we are not keeping up with the threat. We also need to identify clearly the mission for government and the private sector: to work together to ensure the security of the Internet. The rapid expansion of information technology in the past several decades, coupled with both the open architecture of the Internet and poor cybersecurity practices, have contributed to a dramatic rise in cyberthreats to the nation. Last year, 60% of all targeted attacks struck small and medium-sized organizations, which often have fewer resources to invest in cybersecurity. In 2014, five out of every six large companies were targeted with spear-phishing attacks, a 40% increase over the previous year. Attacks against small and medium-sized businesses increased 26% and 30%, respectively. And these are just the attacks we know about. Many penetrations go unnoticed or unreported by companies that are victims of these attacks.

Effective cybersecurity starts with all of us—individuals, businesses, and the government—recognizing the importance of Internet security and our responsibility to help ensure its robust defense. Effective cybersecurity depends in large part on the protective measures one takes before a cyberattack. If we do not make cybersecurity a priority, we will continue to see major breaches and damaging attacks. Cybersecurity should be considered a critical element of our national defense and economic well-being.

Cybersecurity should be considered a critical element of our national defense and economic well-being.

2. Restore Accountability within the Federal Government.

The government should lead by example. We need presidential leadership to get government to take the cybersecurity threat more seriously, fix the vulnerabilities of government systems, and hold government leaders accountable for the security of information entrusted to their care. It is easy to give a speech about cybersecurity. What we need is unwavering leadership and determined implementation, including a concerted effort to work with Congress.

The intrusion into the Office of Personnel Management (OPM)—the human resources department of the U.S. Government—illustrates the cultural failure of the Obama administration to take these threats seriously. The OPM systems contain millions of personnel records—many of which included an intrusive and sensitive personnel questionnaire. OPM officials knew this data was valuable, sensitive, and vulnerable, but failed to take basic steps to protect it.

We need to change the culture of government, which is impossible absent presidential leadership. Leadership means not hiring political hacks or cronies for critical positions that involve cybersecurity. It also means holding executive branch officials accountable for their failure to prioritize cybersecurity and protect the networks under their care. The people who protect our systems are just as important as the technology itself.

The people who protect our systems are just as important as the technology itself.

The President also cannot allow cabinet secretaries and senior officials to violate rules and procedures meant to protect classified and national security-related government communications. It should not be too much to ask government officials to abide by the laws and rules in place to safeguard our national security. Secretary Hillary Clinton's growing email scandal highlights reckless behavior by officials entrusted with some of our nation's most sensitive secrets.

3. Increase U.S. Intelligence and Law Enforcement Cybersecurity Capabilities and Strengthen International Cooperation.

We need to preserve and enhance the capabilities of the U.S. Intelligence Community and law enforcement to identify, deter, and respond to cyberattacks as part of a national strategy to protect the country. This starts by undoing the damage that sequestration has done to the Defense Department and Intelligence Community and restoring funding to them. The National Security Agency and Cyber Command are on the frontlines of defending the United States against cyberthreats. We must stop demonizing these quiet intelligence professionals and start giving them the tools they need. The Federal Bureau of Investigation also needs more resources to fight back against the onslaught of cybercrime.

In addition, we must reform a convoluted acquisition process that imposes years of delays and inefficiencies in procuring new cybersecurity systems. The Defense committees of Congress are already working on acquisition reform—the President should work with these committees and others to ensure that a byzantine acquisition process is streamlined for cybersecurity defense technologies. The government could build upon some of the lessons learned by Secretary Bob Gates' efforts to reform parts of the inefficient and costly defense acquisition process.

The President should also prioritize cybersecurity in discussions and agreements with our allies and partners around the world. No one country can solve the cybersecurity problem, which is a global challenge. The need to protect sensitive systems from bad actors is a modern-day equivalent of securing the world's oceans for freedom of navigation, and just as nations came together to protect the seas, they should do so to secure the Internet. At the same time, the United States must retain a strong leadership position in Internet governance. For example, we should maintain oversight of the Internet Corporation for Assigned Names and Numbers (ICANN), which manages the Internet's domain name system.

We must also hold to account those who are stealing our nation's intellectual capital. Efforts to expose, prosecute, and in some cases retaliate against these actors will raise the cost of conducting such attacks and increase deterrence of future attacks. Such deterrence will be stronger if we work with partners to establish international rules of the road and get them to establish the legal framework necessary to prosecute cybercriminals.

4. Create Public-Private Partnerships to Improve Cybersecurity in the Public and Private Sectors.

The U.S. Government and businesses should work together as partners to improve cybersecurity in public and private sectors in a way that also respects citizens' privacy. Just as the government needs to pay more attention to cybersecurity, so too must the private sector. The government must do its part in getting its own house in order and then enable, empower, and expect the private sector to do the same. Some industries take this threat more seriously than others, and there are lessons to be learned from their experiences.

The country needs a President with the experience and trust necessary to mobilize public and private resources to enhance cybersecurity in public and private sectors. And to be clear, this will not be achieved with finger pointing and talking down to industries that have struggled with security while looking the other way as our classified information is handed over to state-sponsored cyberterrorists.

The country needs a President with the experience and trust necessary to mobilize public and private resources to enhance cybersecurity in public and private sectors.

At a minimum, the government should redouble efforts to: (1) reduce legal and technical barriers to cybersecurity information sharing between the federal government and private sector, and (2) promote best practices for the private sector, including voluntary cybersecurity standards (e.g., through the National Institute of Standards and Technology's ongoing work).

The House of Representatives has passed a bill to facilitate information sharing by, among other measures, providing liability protection to private-sector companies that share cyberthreat information with each other or with the government. Unfortunately, the bill languishes in the Senate due to opposition from Senate Democrats. The President should lean on these Democrats to allow this bill to come to the Senate floor for a vote.

5. Remove Barriers to Innovation in the Tech Industry.

As part of this national effort to improve cybersecurity, the government must not be an obstacle to innovation in the tech industry. The government's power to incentivize and empower must take precedence over its predilection to regulate and constrain. Because cyberthreats are always evolving, effective cybersecurity requires continuous innovation, which a flourishing tech industry provides.

We must remove regulatory barriers and red tape that prevent companies from developing new technologies, as well as encourage private and public research into cybersecurity.

We must remove regulatory barriers and red tape that prevent companies from developing new technologies, as well as encourage private and public research into cybersecurity. For example, regulatory barriers continue to make it extremely complicated, costly, and time-consuming for small companies to raise capital through the securities markets. The Securities and Exchange Commission should reassess existing regulations to further minimize the number and complexity of documents that must be filed before everyday Americans are able to invest in emerging companies. It should also work to ensure rules are in place to enable the creation of liquid markets for securities offered by startups. We need to transform immigration into an economically-driven system that retains and brings in highly-skilled immigrants. Such a system would help create startups and increase innovation. We must lower business taxes to encourage investment and hiring in the United States.

The Internet and innovation from the tech industry have enormous potential to help address public policy challenges. For example, digital connections between power plants, transformers, substations, and transmission lines allow for better management of the electric grid. With such networks, utilities are better able to anticipate, avoid, or respond to power outages. Using technology we can create a secure online credential for veterans that verifies their military service. Such a credential could allow instant access to medical records online, and help the private sector offer military/veteran discounts online. However, without a secure Internet, these types of initiatives may never reach their full potential. Our country, starting with the President and federal government, must recognize the cybersecurity challenge and dedicate itself to conquering it.

The Internet is one of the greatest innovations in history and has led to unrivaled opportunity and a great leveling of the playing field for all. I will be a President who works to actually bring people together from both sides of the aisle, as well as the public and private domains, to better address the very real threats confronting this critical global resource.