Cybersecurity: Where do Republicans and Democrats stand on threats?

While US defense officials are warning of the increased threat of cyberattack on strategic US targets, cybersecurity experts were underwhelmed by the parties' platforms on the issue.

US defense officials warn of the increasing threat of cyberattacks on the nation’s power grid, natural gas pipelines, and other strategic infrastructure, but what do the two political parties and their candidates know about these threats – and what will they do to thwart them?

The US could be hit with a "cyber Pearl Harbor," Defense Secretary Leon Panetta acknowledged in a June Senate hearing. Gen. Keith Alexander, who heads the Pentagon's new US Cyber Command, warned at a security conference in July that on a 1-to-10 scale, American readiness for a major cyberattack is “around a 3.”

Both political parties do recognize, at least, that such threats are quickly becoming a major new US national security problem for the 21st century – as warnings buried deep in their respective political platforms acknowledge.

The Democratic platform, on page 60, spends not quite 200 words on cybersecurity, with the GOP giving the topic twice as much space on pages 41-42. The Democratic script cites "unprecedented steps" taken by the Obama administration to defend America from cyberattacks, including creating the military's new Cyber Command.

By contrast, the Republican document chides the White House for an overreliance on "defensive capabilities" and talks of a crying need for government and business to do a better job of sharing threat information.

Raking over the platforms' statements for shreds of meaning, cyberexperts were alternatively impressed – and depressed.

Some of these experts were, for instance, reassured by the Republican Party's focus on developing US "offensive [cyberweapon] capabilities."

"For far too long, we have sat in the background hoping that our defenses hold up, while adversaries from China and the Eastern bloc steal American IP, and conduct cyber raids against our critical infrastructure," says Jonathan Pollet, founder of Red Tiger Security, a company that specializes in securing computerized control systems that open and close vital valves and switches in industrial settings.

"We are becoming weaker as a nation because of other nation state's aggressive stance on cyber security," he writes in an e-mail. "America must fight back to win, and the GOP statements show me that they actually understand current cyber issues."

Other experts, however, said Republican calls for more cyberoffense were hollow.

"The Obama administration, from the beginning, has implemented aggressive cyberwarfare deployments against Iran," writes John Michener, chief scientist at Casaba, a cybersecurity firm that works with Microsoft and others, in an e-mail interview. “The Democratic platform does not talk about this – and properly so. Cyberwarfare is typically very covert. Overt cyberwarfare is more likely to be responded to by more overt measures."

The Republican platform also says "we acknowledge that the most effective way of combating potential cybersecurity threats is sharing cyberthreat information between the government and industry, as well as protecting the free flow of information within the private sector." Several cybersecurity experts, however, say such calls have limits without mandates that require the capability to use the information.

"The information sharing that the Republican platform focuses on is a very minor issue," says Dale Peterson, CEO of Digital Bond, a control systems security firm in Sunrise, Fla. "There are plenty of vehicles in place for information sharing today, but organizations don't see any benefit in sharing.”

Robert Huber, co-founder of Critical Intelligence, an Idaho Falls-based expert in industrial control systems, says "information sharing between government and private entities appears beneficial on the surface; however, many private entities’ cybersecurity programs are not mature enough to ingest the information.... If your organization does not have the appropriate collection and logging systems in place, what are you going to do with this information?"

More telling, some said, was the Republican platform’s warning that a "costly and heavy-handed regulatory approach by the current Administration will increase the size and cost of the federal bureaucracy and harm innovation in cybersecurity."

That language is a direct echo of Congress's unwillingness to pass even weak, voluntary measures to strengthen cybersecurity for critical infrastructure. The House earlier this year passed an information-sharing-only bill. In the Senate, Republicans backed by the US Chamber of Commerce last month even blocked a bill that contained only watered-down voluntary standards for private infrastructure owners to meet.

"The Republicans basically replayed the Bush 2002 [anti-regulatory, voluntary] strategy, which was a complete flop," James Lewis, a cyberexpert with the Center for Strategic and International Studies, a Washington think tank, writes in an e-mail.

"There are some really smart people in the Romney campaign, so this is probably not the real policy, just a placeholder for the election, but designed to check the ideological boxes using a combination of advertising slogans and wishful thinking," Mr. Lewis adds. "I don't know if that means they couldn't agree internally and had to settle on the lowest common denominator or if they really believe that stuff about voluntary actions – some of them do, so I expect it was a mix of both motives."

But Democrats didn't fair much better as far as what they are asking for from industry, the experts said. The Democrat platform is basically "a mirror of the Senate bill that failed," writes Digital Bond's Mr. Peterson.

"In reality, the Department of Homeland Security has all the authority they need to make a difference," he writes. "The government has just refused to put out honest, detailed information about the problem and putting companies on record that they know about it and should fix it. This combined with the Securities and Exchange Commission disclosure requirements would put heat on C-level executives to fix the problem. No legislation is required for this."

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Cybersecurity: Where do Republicans and Democrats stand on threats?
Read this article in
https://www.csmonitor.com/USA/Politics/2012/0906/Cybersecurity-Where-do-Republicans-and-Democrats-stand-on-threats
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe