The conversation around cybersecurity on the campaign trail largely focused on keeping elections safe, but the candidates have been slightly less straightforward on plans for the next term. The eventual winner must address the growing threat hackers pose to the U.S. electric grid, along with other critical infrastructure.
The differences in cyber policy between President Donald Trump and former Vice President Joe Biden rests on the classic party divide of just how much the American government should interfere in industry and foreign relations.
The candidates see value in protecting critical infrastructure and building a strong cyber workforce. Issues such as whether the federal government should get involved in data privacy and how the U.S. should approach adversaries varies.
Protecting critical infrastructure against foreign threats
The candidates are interested in efforts to keep American critical infrastructure safe from cyberattacks, with differing approaches to the task.
An early Trump executive order called on the federal government to strengthen the cybersecurity of its networks and critical infrastructure. The White House's national cyber strategy aims to define cybersecurity standards across industries.
Trump includes a "cybersecurity defense system" in the foreign policy section of his 2020 platform. The president and his administration are outspoken about cyberthreats from Chinese-sponsored hackers as the U.S. looks to implement 5G infrastructure.
The President also, in May, issued an executive order blocking the installation of bulk power system equipment sourced from adversaries of the United States. Experts say this is a tall order for the utility sector, which must now inventory components and software code that are often re-branded by vendors.
Biden wants to improve cybersecurity on infrastructure such as the electric grid and to maintain American capabilities to deter cyberthreats, according to his platform. "We will work with other countries — and the private sector — to protect individuals' data and defend critical infrastructure, including the global financial system," according to the platform.
Rather than Trump's approach to foriegn interference, which relies on facing off directly with cyberthreats, Biden is planning to work with American allies, partners and the private sector to secure 5G and U.S. infrastructure.
Establishing data privacy standards
In data privacy policies, Biden is calling for national data privacy legislation while Trump shys away from the idea.
"A Biden presidency, I think, would be more likely to think about national data breach laws to try and provide greater consumer protection and more uniformity across the states," said Darrell West, VP and director of governance studies at the Brookings Institution. "Trump would not be likely to support that kind of approach. He would stick with state level data breach laws."
In its work on consumer data privacy policies, Trump officials have called for balancing protection of individual privacy without additional burdens for industry. The Republican platform also raises concerns about the dangers of encryption intruding on the government's need to access information.
Adding national standards for data protection to the Obama administration's Consumer Privacy Bill of Rights, however, is listed in the Democratic platform. Biden also told The New York Times he would be interested in setting privacy standards "not unlike the Europeans are doing."
While new hoops to jump through initially feels like a burden on the private sector, it may actually be more convenient than the state-based system for data privacy law in place, said Cristin Monahan, cyber vault fellow at the National Security Archive.
"In the long term, I think it's to the benefit of private industry to have one national data privacy law, and potentially have a seat at the table when those regulations and standards are being discussed, rather than be tasked to comply with potentially 50 different standards," Monahan said. "I think that would be a net benefit for consumers as well."
Building a tech and cyber workforce
To support the innovation and collaboration efforts, the candidates are looking at ways to build the tech and cyber workforce for the future.
Showcasing interest in building a federal tech workforce, a Trump executive order in June called for skills-based, rather than degree-based, hiring specifically for jobs related to emerging technologies. A May 2019 Trump executive order called on the federal government to maximize IT and cybersecurity capabilities of the American workforce through civilian agency efforts.
In another Trump workforce effort, a collaboration with the National Science Foundation, the Department of Energy and the White House Office of Science and Technology Policy established 12 hubs for R&D workforce development in emerging tech.
Despite those workforce efforts, the Trump administration has also restricted immigration through H-1B visas, limiting the number of highly skilled tech workers moving to the U.S.
Biden said in a June townhall ending H-1B visas "will not be in my administration." In his 2020 platform, Biden promises to support "expanding the number of visas offered and eliminating the limits on employment-based green cards by country" under a reformed visa system that protects workers.
Biden's platform underscores an interest in investing in tech career pathways for under-represented communities in the field, specifically women and workers of color. Through funds sponsored by the Department of Labor, the federal government would invest in digital, statistical and technological skill training programs, according to the platform.
Cybersecurity on the offense
The Republican National Committee decided to hold onto its 2016 platform rather than updating it for the upcoming election. This decision leaves out key areas the Democratic platform addresses such as election security, but includes a call for cyber "stand your ground" policies allowing citizens to strike back against attackers, according to Monahan.
The idea was also introduced in the Active Cyber Defense Certainty Act introduced by Rep. Tom Graves, R-Ga. Under the legislation, an individual hit by a cyberattack would be allowed to instigate cyber retaliation against the hacker without being criminally prosecuted for computer fraud.
On the surface, this seems like a way to deter cyberattacks and allow for a sense of justice for the victims, however, "What happens when, in self defense, you shoot the cyber equivalent of a bullet through your neighbor's wall and damage the network or system of an innocent bystander?" Monahan said.
Biden and the Democratic platform haven't been as straightforward on offensive cybersecurity tactics. The campaign has said it will strategize to deter cyberattacks and Biden's campaign website states his administration will "impose substantial and lasting costs" on any state-based actor interfering with election security.
Debate around whether the enforcement of Section 230 should continue is a common thread in tech policy conversations this election cycle largely due to censorship and misinformation allegations on social media.
Section 230 of the Communications Decency Act protects social media platforms and websites from liability for what users post and allows those platforms to remove any objectionable content regardless of the First Amendment, with some exceptions.
No matter who wins in November, Section 230 reforms are likely in the coming years, but it's hard to predict what exactly that would look like, said Cristin Monahan, cyber vault fellow at the National Security Archive.
"Both President Trump and former Vice President Biden have said that they want to get rid of certain protections under Section 230 with President Trump going as far to issue the executive order on preventing online censorship," Monahan said.