Presidential candidates quiet on cyber policy

Federal cyber policy didn't come up during the first presidential debate. It likely won't come up in the next two either. But issues ranging from cybersecurity to privacy to regulation ought to be on the debate agenda, because there are some differences between President Obama and his Republican challenger, Mitt Romney.

Not that many in the information technology (IT) world are eager to talk about it. J. Nicholas Hoover wrote last week about six technology policy differences between the candidates in InformationWeek, in advance of a cloud computing conference next week. And the Information Technology and Innovation Forum (ITIF) published a white paper last month, titled "Comparing the 2012 Presidential Candidates' Technology and Innovation Policies."

Most security experts contacted by CSO Online declined to comment, saying they were "uncomfortable" with the topic, were trying to avoid direct comparisons between the candidates, were not aware of the positions taken by either one, couldn't comment in a balanced way or didn't want to be perceived as endorsing either one.

However, there was no such hesitation from Jody Westby, CEO of Global Cyber Risk, one of the few willing to comment. She said Obama, "has barely given more than lip service to cybersecurity. His 'cyber czar' does not report to him and Obama has issued fewer advisories on cybersecurity than the former President, Bush.

[In depth: Five must-do cybersecurity steps for Obama]

"The fact is, no one since President Clinton has given the Internet the attention that it deserves, focused on the contributions of the IT sector to the U.S. and global economy, and provided leadership on addressing the worsening state of cybersecurity," Westby said. "This issue is wide open for Romney and is one where he could assert U.S. leadership, significantly protect U.S. companies and change the dynamic with cybercrime."

Joel Harding, a retired military intelligence officer and information operations expert, wrote on his blog To Inform is to Influence: "Not only is there no coherent strategy for cyber defense at the national level, the old D.C. two-step shuffle is making entire Cabinet Departments ... useless."

He noted Homeland Security Secretary Janet Napolitano's recent announcement that she doesn't even use email, said another department had been "gutted," while another is "practically rudderless when it comes to actually doing the coordination, staffing and leading cyber efforts."

"Our political system has rendered the United States effectively to be cyber eunuchs," Harding wrote.

The ITIF was relatively low-key and even-handed in its compliments and criticisms. In general, the white paper authors, Stephen J. Ezell, Robert D. Atkinson, Daniel D. Castro, Richard Bennett, Matthew Stepp, faulted both candidates for being too narrow in their approach.

"Rather than adopt an 'all of the above' approach to innovation policy that includes corporate tax and regulatory reform as well as increased federal investment in research and development (R&D), digital infrastructure, and skills, the candidates stress policies from 'each column,' with Gov. Romney focusing more on the former and President Obama more on the latter. This is unfortunate," the paper said.

Those differences generally reflect the philosophical divide between Democrats and Republicans. Both candidates, and parties, have said they want to expand the reach of broadband access, but Romney contends he will accelerate the rollout of broadband.

Obama generally favors so-called "net neutrality," and the Federal Communications Commission's (FCC) Open Internet Rules, which say Internet service providers should not be able to restrict access, or the speed of access, to their networks. But Obama also supports exempting wireless networks from most net neutrality rules.

By contrast, the Republican Party platform calls net neutrality an attempt to "micromanage telecom as if it were a railroad network." Romney has said that it's not the role of government or the United Nations to "manage" the Internet -- that it should be left up to non-government stakeholders.

However, as Nicholas Hoover noted, "the Republican platform explicitly comes out for enforcement of laws against pornography online and for strengthening of laws against online gambling."

Both say that cybersecurity is a priority -- Obama is reportedly in the final stages of drafting an Executive Order to implement some of the provisions of the 2012 Cybersecurity Act (CSA), which failed to come to a vote in the Senate in early August.

The Obama administration also created the U.S. Cyber Command, expanded the role of the Department of Homeland Security and Democrats have been among the loudest voices in Congress calling for legislation that would require operators of critical infrastructure to meet security standards, and incentives to encourage private industry and government to share information.

But Romney has criticized Obama for being "overly reliant on defensive capabilities" instead of also using so-called "active defense," otherwise known as offense -- something that has been controversial among experts, some who say it is past time to get more pro-active with attackers. Others say it will simply lead to escalation.

On privacy, Democrats support the proposed "Consumer Privacy Bill of Rights" and a Do Not Track option, but at least some of the cybersecurity bills supported by Democrats drew loud objections from privacy advocates for their requirements on information sharing.

The Republican Party platform doesn't go into much detail, calling for ensuring that, "personal data receives full constitutional protection from government overreach and that individuals retain the right to control the use of their data by third parties."

And there is little daylight between the two on online piracy. Both opposed the Stop Online Piracy Act (SOPA), but Obama endorses both legislation to create new legal tools plus voluntary actions by the private sector, to combat foreign online piracy. Romney favors using existing laws to target online piracy, particularly from overseas.

Both Westby and Harding say action is more important than policy statements.

"If Obama issues the threatened executive order on protecting critical infrastructure, it will reveal how out of touch he is with the realities of cybersecurity and how poorly his administration has managed this issue," Westby said.

Harding said what is truly needed for cybersecurity "is for a president to say to China: 'Enough. Stop stealing our intellectual property, period.'

"If they continue, and we know they are but we lack the intestinal fortitude to actually voice those words, then we should disincentivize them," Harding said. "We should attach little 'limpet mines' to the intellectual property that is being stolen and tell it to send back a network and system map of where it is taken, then wipe the entire system clean. If possible, spread it to another system and wipe that clean, as well."

He urged sending the message, "If you're going to steal our stuff, be prepared to pay the price.'"

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Taylor Armerding

Latest Videos

More videos

Blog Posts