GOP presidential contender Jeb Bush criticized the Obama administration on Monday for a string of cyber security failures, including Hillary Clinton’s use of a private email server that contained classified information.
Bush, in a proposal aimed at improving cyber security to be unveiled in Seattle Monday, stated that Clinton should be held accountable for security lapses for using the private server while secretary of state.
The former Florida governor also faulted the Obama administration for the compromise of sensitive data on more than 22 million federal workers lost in the hacking of Office of Personnel Management (OPM) networks.
An advance copy of the cyber security proposal was obtained by the Washington Free Beacon. Bush is expected to discuss the plan during a meeting in Seattle Monday afternoon.
"Unfortunately, a series of high-profile cyber security failures and the Obama administration’s feeble response to the growing threat have demonstrated real vulnerabilities in government and private systems, eroding public confidence in both the government and even the Internet itself," the plan says.
"This is an issue that gravely needs presidential leadership."
Bush calls for restoring accountability within the government and closing vulnerabilities in computer networks.
On the Clinton email server, the plan urges the president not to allow cabinet secretaries and senior officials to violate rules and procedures meant to protect classified information and other national security communications.
"It should not be too much to ask government officials to abide by the laws and rules in place to safeguard our national security," the plan states. "Secretary Hillary Clinton’s growing email scandal highlights reckless behavior by officials entrusted with some of our nation’s most sensitive secrets."
"Leadership means not hiring political hacks or cronies for critical positions that involve cyber security," the proposal states. "It also means holding executive branch officials accountable for their failure to prioritize cyber security and protect the networks under their care."
The Bush proposal also favors tougher policies for dealing with cyber attacks.
"We must also hold to account those who are stealing our nation’s intellectual capital," the proposal says. "Efforts to expose, prosecute, and in some cases retaliate against these actors will raise the cost of conducting such attacks and increase deterrence of future attacks. Such deterrence will be stronger if we work with partners to establish international rules of the road and get them to establish the legal framework necessary to prosecute cybercriminals."
The Obama administration has rejected cyber counter attacks in response to foreign strikes, fearing retaliatory cyber attacks would escalate into a cyber war.
The administration instead has limited its responses to symbolic economic sanctions and law enforcement efforts, such as the May 2014 indictment of five Chinese military hackers.
The administration is said to be preparing additional sanctions on China for the OPM hack.
Some in the Pentagon and intelligence community have called for creating cyber deterrence through a series of demonstrations, such as hitting foreign hackers in targeted cyber counter attacks.
A White House spokesman declined to comment on the Bush proposal.
On the OPM hack, which U.S. officials have said was carried out by Chinese government hackers, Bush argues that the compromise of records, including background investigation information for security clearance holders, "illustrates the cultural failure of the Obama administration to take these threats seriously."
"The OPM systems contain millions of personnel records—many of which included an intrusive and sensitive personnel questionnaire," the plan says. "OPM officials knew this data was valuable, sensitive, and vulnerable, but failed to take basic steps to protect it."
Bush said some 60 percent of all cyber attacks last year hit small- and medium-sized organizations that lack resources to invest in cyber security measures. And in 2014, five of six large companies were targeted in "spear phishing" cyber attacks—the use of fraudulent emails to trick unsuspecting users into downloading malicious software and permitting unauthorized network penetrations.
The former governor believes the goal of reaching four percent economic growth and adding 19 million jobs requires a vibrant and secure Internet.
"It is easy to give a speech about cyber security," the plan says. "What we need is unwavering leadership and determined implementation, including a concerted effort to work with Congress."
Bush’s proposal calls for bolstering intelligence and law enforcement efforts to counter cyber threats, along with strengthening international cooperation.
"We need to preserve and enhance the capabilities of the U.S. intelligence community and law enforcement to identify, deter, and respond to cyber attacks as part of a national strategy to protect the country," the plan says.
A first step will be to reverse the damage caused by the Budget Control Act and resulting budget cuts that have damaged both the Pentagon and the intelligence community.
"The National Security Agency and Cyber Command are on the frontlines of defending the United States against cyber threats," the plan says. "We must stop demonizing these quiet intelligence professionals and start giving them the tools they need."
The FBI also needs more resources to deal with the increase in cyber crime.
Acquisition reform is also needed to improve security hardware systems.
Internationally, Bush is recommending increased discussions and agreements with allies and partners to better address cyber threats.
The United States must exercise "strong leadership" on the issue of Internet governance and maintain oversight of the Internet Corporation for Assigned Names and Numbers (ICANN), that manages Internet domain names, according to the proposal.
The Obama administration has discussed giving up U.S. control over ICANN and allowing the United Nations to take over, a proposal that has met with widespread opposition from those concerned about Internet freedom.
The governments of Russia and China are advocating giving local governments control over the Internet in their countries, a system that would undermine the free exchange of communications and commerce.
Bush’s proposal also calls for greater public-private partnerships to improve cyber security.
"The country needs a president with the experience and trust necessary to mobilize public and private resources to enhance cyber security in public and private sectors," it says. "And to be clear, this will not be achieved with finger pointing and talking down to industries that have struggled with security while looking the other way as our classified information is handed over to state-sponsored cyber terrorists."
Specifically, the Bush plan calls for reducing legal and technical barriers to cyber security information sharing and promote voluntary security standards.
For the private sector, Bush wants greater innovation for cyber security. "The government’s power to incentivize and empower must take precedence over its predilection to regulate and constrain," he said.
Regulatory barriers and bureaucratic red tape are preventing companies from developing new technologies.
Two areas where the Internet and tech industry innovation can improve security are within the electrical grid, and for authorizing veterans’ benefits.
A secure veterans credential would "allow instant access to medical records online, and help the private sector offer military/veteran discounts online."
"Our country, starting with the president and federal government, must recognize the cyber security challenge and dedicate itself to conquering it," Bush said.
"I will be a president who works to actually bring people together from both sides of the aisle, as well as the public and private domains, to better address the very real threats confronting this critical global resource," he said.
The security plan has support form Sam Palmisano, former CEO of IBM and chairman of the Center for Global Enterprise. "His approach would help restore the federal government’s credibility with the business community when it comes to cybersecurity and lay the groundwork for much needed public-private cooperation," Palmisano said.
Irving Wladawsky-Berger, vice president emeritus at IBM and a visiting lecturer at MIT, also backs the plan.
"I support his concrete proposals, and in particular, his call for addressing such a complex and important issue through a close collaboration between business, government, and our research communities," he said. "Our country’s economic growth and job creation are highly dependent on a dynamic and secure Internet."