Cybersecurity
Last week, I rolled out my blueprint to take our country back. It is a list of the most important problems that we must solve so that we can take our country back from the career politicians who have hijacked it, slowed it down, and turned it into a bloated bureaucracy that only works for the big, the powerful, the wealthy, and the well-connected.
It is a strategy for us to work together to return this nation to what our Founding Fathers intended: a citizen government.
Our government today does not belong to the people. It does not serve the people. It is bloated, corrupt, and inept. The very character of our nation is threatened and the world is becoming a more tragic and dangerous place because we are not leading.
It is this last issue that I want to talk about today. In my Blueprint, I say that my priority is to defeat ISIS and put America back in the leadership business. Because that is what we must do. They are at our shores and now they are in our community centers and their measure of victory is the body count.
I am angry. I am angry that this President and Hillary Clinton do not understand this threat and refuse to call it radical Islamic terrorism.
I am angry that Hillary Clinton dares to ask “what difference does it make” how four Americans died in Benghazi. And then she tells us that we must empathize with our enemies. Mrs. Clinton, when the United States does not answer a purposeful terrorist attack on our embassy with a purposeful and powerful response, but instead blames a video, you invite more terrorism and bloodshed.
I am angry that Barack Obama and Hillary Clinton declared victory in Iraq in 2011, abandoned all our hard-won gains for political expediency and contrary to the advice of our generals, thus leaving vast swaths of territory and too much weaponry to be gobbled up by ISIS.
I am angry that President Obama unilaterally decides that we’ll accept thousands of Syrian refugees while his administration admits we cannot determine their ties to terrorism.
Mostly I am outraged because the murder, mayhem, danger and tragedy we see unfolding in Paris, Beirut, San Bernardino, are the direct consequence of this administration’s policies. You cannot lead from behind.
No, Mrs. Clinton. No, President Obama: climate change is not our most pressing national security challenge.
Our most pressing national security threat is radical, Islamist terrorism around the world and here at home — both lone wolves and packs of wolves. ISIS is an evil that must be confronted. It must be destroyed.
***
Today, as we talk about technology and how to use it, I want to talk about a critical piece of our strategy to defeat ISIS and restore American leadership in the world: cybersecurity.
Like too many other foreign policy priorities, President Obama and Hillary Clinton have refused to see what is in front of them when it comes to cybersecurity: that the United States is woefully unprepared for cyberterrorism. That we are vulnerable. And that while we sit idly by, our enemies are building their capabilities. They are consolidating power.
Our strategy for approaching cybersecurity is based on a document from 2011 that hasn’t been updated. That means it has been out-of-date for years now. Having operated at the highest levels of the tech world for many years, I can tell you: if you wait four years to move, you’re going to lose. In January 2011, the first iPad was not even a year old. Snapchat didn’t exist. Instagram was not a part of our lexicon.
The fact that we have not updated our cybersecurity strategy since then is unconscionable.
Meanwhile, our adversaries and our enemies have not been sitting on their hands. In China, Xi Jinping has made cybersecurity a central component of his regime, creating a centralized council on cybersecurity that he leads. He says that there is no national security without cybersecurity. He’s right.
The Russian government has hacked the White House and the State Department, gaining access to sensitive information about the President’s schedule and emails. This summer, they hacked into the Pentagon and accessed emails from the Joint Chiefs.
Worse, our adversaries recognize this American weakness and are working together to consolidate their power in the wake of our failures. In May, China and Russia signed an extensive cybersecurity pact in which they agreed they that they will not hack each other’s government systems and that they will work together to ensure effective censorship of their people.
And it is not just governments that are working hard to advance a technological agenda that threatens the United States. ISIS is getting better and better at using encrypted communications to recruit and radicalize within our country — and encouraging those recruits to carry out attacks. Our own FBI Director tells us that ISIS now knows how to effectively make their recruits disappear online. And they’ve established around-the-clock help desks to pass all of this technological information and training along to other terrorists.
Just hours before the Paris attacks began and against all the evidence, President Obama declared ISIS “contained” and took a victory lap. After the tragedy in San Bernardino, he spoke from a podium in the Oval Office but offered no strategy and no leadership. Vintage Obama. This is not a JV team, Mr. President. They are not contained. They are learning where we are vulnerable and they are exploiting it.
And we are vulnerable. The former head of the U.S. military’s cyber-command, Keith Alexander, tells us that we are woefully unprepared to handle an attack on our critical infrastructure, which could shut down our economy and people’s day-to-day lives. The Director of National Intelligence admitted that we have basically no U.S. cyber deterrence.
***
It does not have to be this way. We are the world’s leader in innovation and entrepreneurship. We are home to Silicon Valley, to Google, to the iPhone.
Having led the world’s largest technology company, I know what it will take for America to lead in this realm. We have the talent and the capabilities. We now need a leader who will work with the citizens of our nation to channel those talents into solving one of the most urgent national security challenges of our time.
The first thing we need to realize is that this battle will not be won in Washington, D.C. Right now, private sector companies can and should take the lead on cybersecurity — but the government continues to get in the way. We need to remove burdensome regulations that keep companies from fighting cyberattacks on their own — and we need to stop the government from turning these incidents into “crime scenes” that companies can’t touch.
Encryption is an important tool. But the conversation going on now in Washington is, as usual, missing the point. As I’m sure many of you have seen time and again, the political class wants to dictate on a subject they don’t understand. They want to tell you we must either revamp the Patriot Act — a law from 14 years ago — or there’s nothing we can do. That is a false choice. Technology has moved on.
I spent my career in the technology industry. Michael Hayden called me after September 11th. He said he needed help. A tractor-trailer of HP product was heading to retailers in the DC area. After the call, we told the driver to pull over. From there, an NSA police car provided our driver an armed escort to NSA headquarters in Fort Meade, Maryland. The point is — when it comes to protecting our national security — technology experts should be and can be a partner.
Instead of arguing about a law that is 14 years old, I will gather our top technology leaders — the best and the brightest — and not a room full of politicians. Because our national security will be strengthened when we empower individuals and companies to protect their own data and information while giving our national security experts the tools they need to protect our country.
We also need to facilitate better information-sharing between private sector companies and the government. That doesn’t mean that we ask companies to share personally-identifiable information that threatens individual customers’ privacy. We simply need to ensure that private companies and the government have the ability to communicate about critical national security issues — and that the private sector can share that information without fear of frivolous lawsuits.
And where the government is going to get involved in cybersecurity, it needs to be done in a smart, coordinated, timely way. For example, we need to give the NSA access to all of the information it needs to effectively investigate San Bernardino as soon as possible. Senator Tom Cotton has proposed legislation that will do this. Representative Michael McCaul also outlined a number of common-sense proposals to address this crisis today. We know what needs to get done. We just need the political willpower and leadership to pass this legislation and implement these reforms.
But this will not be enough. As President, I will establish a central command and appoint a director who is empowered to manage cybersecurity across the government. They will be responsible for developing an effective, up-to-date strategy that will show our adversaries that we are serious about cybersecurity.
Today, our approach to cybersecurity lacks many of the most basic elements that we require of private sector companies. We know a big factor in the OPM hack was a lack of two-factor authentication, something that has been standard industry practice for years. As usual, government is holding itself to a different, lower standard. That is unacceptable.
We must send a clear signal to our adversaries that repeated, aggressive hacking will not be tolerated. That starts with the development of a serious strategy. But it also means that we have to be willing to push back. This President has not done that. When we learned that China had hacked into our systems, President Obama had a state visit. When we held recent economic dialogues with China, we agreed on over 100 different things — including wildlife trafficking and volcano research. None of these 100-plus points of agreement addressed cybersecurity. China sees this and knows that they can push ahead with an aggressive economic and military agenda because they are not being challenged.
***
Here is the point: We must defeat ISIS and put America back in the leadership business. That will only happen when we have and implement an effective cybersecurity strategy. This administration has weakened our national security and it has all but ignored cybersecurity — allowing foreign governments and terrorists to attack private companies and infiltrate our national security apparatus.
There is a lot we must do and all of it will require leadership. We must have a president who understands technology — both as a tool and as a weapon. And, no, you don’t wipe a server with a cloth, Mrs. Clinton. We must have a president who will engage with our nation’s best and brightest technology minds. I do and I will. Because innovation led by citizens is the answer — not stagnation led by bureaucrats. And so with your support, we will take our country back.
God bless you and may God continue to bless the United States of America.
