Jeb Bush plans to hold government IT managers accountable
In an op-ed for Business Insider, the GOP presidential candidate called for "the federal government must put its own house in order, prioritizing to reflect the urgency and importance of protecting key databases and communications."
The former Florida governor has plans to hold federal IT managers accountable for breaches that take place on their networks.
Federal IT made an unlikely appearance in the Republican presidential campaign this week, as former Florida Gov. Jeb Bush called for the government to bolster its cyber defenses by holding negligent agency chiefs and "poorly performing IT managers" accountable.
"If it is to lead the way in addressing these threats, the federal government must put its own house in order, prioritizing to reflect the urgency and importance of protecting key databases and communications," Bush wrote in a Jan. 12 op-ed for Business Insider.
If elected president, Bush pledged to give the private sector current threat information and "a legal framework that better allows it to defend itself." That last line could be broaching the gray area of "hacking back," when hacked firms go on the offensive. It is a move the Obama administration has hitherto discouraged, and is for the most part illegal under current law.
Bush, a onetime leading candidate who has since faded in the polls, has been outspoken on cybersecurity issues. His pronouncements on the subject include a call for federal agencies and boardrooms to prioritize cybersecurity, and for increased resources for the FBI to fight cybercrime. He has also characterized the unaddressed security vulnerabilities that led to the hack of the Office of Personnel Management "emblematic of the cultural failure of the Obama administration to take these threats seriously."
Bush’s op-ed proposed a proactive approach to cyber-threat detection by regularly scanning networks and sharing threat signatures. The Obama administration is taking those steps via programs such as Continuous Diagnostics and Mitigation, and the Einstein intrusion-detection and blocking system.
Bush described the recently passed cybersecurity information-sharing legislation "a step forward, but more needs to be done."
He also agreed with the administration’s decision to negotiate a cyber accord with China, but cited evidence that Beijing had already violated it. Enforcing such agreements requires a willingness to "impose meaningful consequences," Bush wrote.
NEXT STORY: McCain slams White House’s cyber deterrence plan