Presidential candidate Hillary Clinton on Tuesday said that stalled cybersecurity legislation in Congress “doesn’t go far enough” to protect the U.S. from debilitating hacks sponsored by a cadre of foreign countries.
During a brief question-and-answer session with the press in Iowa, the front-runner for the Democratic nomination expanded to four the list of countries she has publicly charged with waging cyberwarfare that represents a serious commercial and national security threat
“It’s not only the Chinese. We know that other governments—Russia, North Korea, Iran—have either directly or indirectly sponsored hacking,” the former secretary of State said. “And we worry about terrorist organizations getting access to the capacity.”
Clinton—who grabbed headlines over the weekend by assailing China for “trying to hack into everything that doesn’t move”—added that legislation to expand the sharing of “cyberthreat data” alone between the government and private sector is not enough to thwart malicious activity.
“We’ve been trying to get a good plan going forward; we’re making a little bit of progress on that in the Congress. It is, for me, not enough,” Clinton said. “It doesn’t go far enough to try to have better coordination between the public and private sector.”
Clinton listed “cumbersome procurement and bureaucratic obstacles within the federal government” as other obstacles inhibiting cybersecurity, referencing the rocky roll-out ofHealthCare.gov in 2013 as evidence that government is in need of a technological overhaul that includes a more streamlined process for working with IT contractors.
Clinton did not clarify which specific info-sharing legislation she was referring to, however—or whether it alone would be a useful step forward. Two similar info-sharing bills easily passed the House earlier this year, and a Senate version, known as the Cybersecurity Information Sharing Act, has stalled after clearing the Senate Intelligence Committee on a 14-1 vote. A plan by Senate Majority Leader Mitch McConnell to attach CISA as an amendment to a defensive authorization bill backfired last month because Democrats refused to support it due to procedural concerns.
Privacy advocates and many computer experts have warned that expanding information-sharing would not do much to prevent or minimize cyberattacks, and that such legislation could actually embolden government surveillance by handing more data over to the National Security Agency.
Government officials have privately pointed to China as the culprit behind a massive data breach of personnel files at the Office of Personnel Management, a hack that has affected millions of current and former federal employees. Some lawmakers have also said China is to blame, although the Obama administration continues to resist accusing Beijing publicly.
Clinton’s comments are her most detailed about cybersecurity since officially declaring her White House bid nearly three months ago. She said Tuesday that her concerns about foreign nations hacking the U.S. date back to her tenure as secretary of State.
“It started with the grave concerns that a lot of American businesses had, that their most confidential information was being vacuumed up through intrusive hacking,” Clinton said. “It’s a serious threat to our commercial interests, to our intelligence interests, to our strategic interests.”