Among the Republican candidates for US president, Jeb Bush is something of a cybersecurity policy wonk.
At least, Bush talks an awful lot about cyber issues, like encryption, the NSA, and the steady onslaught of cyberattacks over the past few years.
A few weeks ago, Bush made headlines when he said encryption employed by technology companies is making it harder to catch “evildoers.”
This week, Bush published a lengthy post on his website in which he lays out his proposals for strengthening cybersecurity, while calling for a more aggressive posture to “identify, deter, and respond to cyberattacks.”
Bush makes a strong case that cybersecurity is one of the most pressing issues the next US president will face.
He cites some alarming statistics – five out of six large US businesses were hit by spearphishing attacks last year, while attacks against small and medium sized businesses grew by 26% and 30%, respectively.
Who does Bush blame for the massive failure to protect Americans and US interests against cyberattacks?
President Obama and the Democrats, of course.
The US’s failure to prevent state-sponsored cyberattacks against key assets, including the government agency that acts as “the human resources department” for federal workers, has certainly been disastrous.
So now we have Bush’s five-point plan to address these failings.
He has some policy proposals that are likely to make Silicon Valley happy: Bush calls for lowering barriers to investment in start-ups, lower taxes to invigorate technology innovation, and immigration reform to allow more highly-skilled workers to come to the US.
But Bush’s call for giving more power to law enforcement and the National Security Agency is likely to be viewed as controversial in tech circles.
In the standoff over encryption, Bush is siding with the FBI and NSA, and opposite the Silicon Valley companies.
Tech giants Google, Apple, Microsoft and Facebook, among others, have moved swiftly to increase user data privacy since it was revealed in 2013 that the NSA was sweeping up internet communications on a grand scale.
Google and Apple now provide encryption by default on the latest versions of their smartphones, and it was recently reported that end-to-end encryption on Apple’s iMessage platform has frustrated US law enforcement’s efforts to wiretap suspect’s text communications in real time.
In his post this week, Bush said it’s time to stop “demonizing” intelligence officials at the NSA:
The National Security Agency and Cyber Command are on the front lines of defending the United States against cyberthreats. We must stop demonizing these quiet intelligence professionals and start giving them the tools they need. The Federal Bureau of Investigation also needs more resources to fight back against the onslaught of cybercrime.
Bush could also alienate some libertarians within his party by lending support to the Cybersecurity Information Sharing Act (CISA), which has been stalled in Congress for months.
Critics of that bill, which gives liability protection to companies that share threat information with the US government, have blasted it for inadequate privacy protections.
Dozens of pro-privacy groups, academics and security experts wrote a letter to Congress in March that criticized CISA for authorizing sharing of threat data with the NSA and “overbroad” use by law enforcement agencies.
Still, Bush’s proposals seem to be within the mainstream of Republican cybersecurity policy thinking in this election cycle.
Former HP CEO Carly Fiorina, for example, said tech companies need to tear down any “cyberwalls” that keep them from sharing data with the US government.
It would be good to see cybersecurity and privacy issues come up in the next Republican debate, as they did in a debate last month that featured a heated argument over the NSA’s wiretapping powers.
Bush probably hopes an emphasis on cybersecurity could give his campaign a boost – a certain Donald Trump is currently the front-runner by a wide margin.