Cybersecurity has edged into the 2016 presidential campaign, with a policy speech by Jeb Bush and congressional moves that could force other contenders to show their hand on an issue that often pits security concerns against privacy protections.
Bush, the former Republican governor of Florida, in June took advantage of the uproar over the hacking at the Office of Personnel Management to unleash a broadside against President Obama's entire approach to cybersecurity.
"The president can issue an executive order or give a speech about cybersecurity, but without sustained leadership and determined implementation — including a concerted effort to work with the Congress — we will not adapt to meet the growing threats," Bush said in a post at Medium.com. "Recent high-profile intrusions into private and government networks suggest we are not meeting this challenge."
The OPM breach, attributed to China and affecting millions of current and former federal employees, demonstrated that the Obama administration was not taking cybersecurity seriously, according to Bush. Where was the accountability, he asked.
"What consequences will there be for political appointees or bureaucrats who failed to heed warnings and adequately protect these key databases?" Bush said in the post. He cited a "cultural failure" within the administration.
The candidate called for bolstering both defense and intelligence budgets to help grapple with cybersecurity and lamented criticism of the National Security Agency over its surveillance activities affecting U.S. citizens.
He ripped the president for failing to collaborate with the private sector, and cited Democratic intransigence as the chief obstacle to cybersecurity information-sharing legislation in the Senate over the past three Congresses.
"President Obama should step up, show some leadership, and work with Congress to pass this legislation — a key step towards creating a more robust public-private partnership," Bush wrote.
Bush looked overseas for inspiration on cybersecurity policy. He expressed admiration for Estonia's plucky, advanced approach to cybersecurity in the aftermath of a 2007 Russian cyber attack.
"But the Estonians picked themselves up and, with leadership and serious effort, turned their vulnerability into a strength," Bush wrote. "Today, Estonia is at the forefront of the internet economy and a leader not only in connecting its citizens but also in protecting their data and networks from intrusion."
Back at home, it must be noted that Obama's cybersecurity strategy has deep roots in the approach first advanced by the administration of Jeb's brother, former President George W. Bush.
The Obama administration built up from the work of the George W. Bush administration in emphasizing a public-private partnership model on cyber. The earlier Bush administration, in fact, often appeared more inclined than its successor to pursue a command-and-control regulatory approach to cybersecurity.
The centerpiece of the Obama strategy has been the development of the voluntary framework of cybersecurity standards by the National Institute of Standards and Technology.
Industry groups that frequently tangle with the Obama administration across multiple policy areas have generally praised the president for launching the NIST effort and sticking to his commitment to let industry lead on the issue.
Likewise, the history in Congress isn't quite as clear-cut as Bush suggested: Senate Republicans filibustered cyberlegislation in 2012, while Democrats refused to let a bill advance last year.
This year, the White House has supported passage of both the House and Senate info-sharing bills, with an eye toward a final round of negotiations to iron out some significant remaining policy differences.
Democrats blocked a vote on the Senate bill last month in a procedural dispute, but stressed that many would support passage of the measure if votes on amendments were allowed.
While Bush spelled out some of his cybersecurity principles on Medium.com, his rivals for the GOP nomination who happen to serve in the Senate were asked twice in June to take a stand on cyberissues.
Early in the month, Sens. Rand Paul of Kentucky and Marco Rubio of Florida were among the 30 Republicans who voted against final passage of the USA Freedom Act that reformed NSA practices. Rubio charged that the bill went too far in restricting U.S. intelligence efforts; Paul said it didn't go far enough.
Sen. Ted Cruz of Texas voted in favor of the reform while Lindsey Graham of South Carolina didn't vote.
Days later, Paul opposed Majority Leader Mitch McConnell's (R-Ky.) efforts to attach cyber information-sharing as an amendment to the National Defense Authorization Act, while Graham voted in favor of the proposal. Cruz and Rubio didn't vote.
They may get another chance if McConnell is willing to schedule the long-stalled cybersecurity info-sharing bill for a vote in July as a standalone measure.
Paul has lumped the cybersecurity legislation into a basket of issues that he says represent government overreach and dangerous infringement of individual rights. His chief alley on the Senate floor during a cybersecurity debate might be liberal Sen. Ron Wyden (D-Ore.).
But the other Senate Republican presidential candidates are likely to vote in favor of a cybersecurity info-sharing bill.
More complicated and difficult votes for the GOP senators may come on the question of adequately funding the government's cybersecurity efforts, including a push to accelerate deployment of advanced cybertools that might've prevented the OPM breach in the first place.
Charlie Mitchell is the editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers.