Cybersecurity: Where do Republicans and Democrats stand on threats?
While US defense officials are warning of the increased threat of cyberattack on strategic US targets, cybersecurity experts were underwhelmed by the parties' platforms on the issue.
(Page 2 of 2)
The Republican platform also says "we acknowledge that the most effective way of combating potential cybersecurity threats is sharing cyberthreat information between the government and industry, as well as protecting the free flow of information within the private sector." Several cybersecurity experts, however, say such calls have limits without mandates that require the capability to use the information.Skip to next paragraph
Subscribe Today to the Monitor
"The information sharing that the Republican platform focuses on is a very minor issue," says Dale Peterson, CEO of Digital Bond, a control systems security firm in Sunrise, Fla. "There are plenty of vehicles in place for information sharing today, but organizations don't see any benefit in sharing.”
Robert Huber, co-founder of Critical Intelligence, an Idaho Falls-based expert in industrial control systems, says "information sharing between government and private entities appears beneficial on the surface; however, many private entities’ cybersecurity programs are not mature enough to ingest the information.... If your organization does not have the appropriate collection and logging systems in place, what are you going to do with this information?"
More telling, some said, was the Republican platform’s warning that a "costly and heavy-handed regulatory approach by the current Administration will increase the size and cost of the federal bureaucracy and harm innovation in cybersecurity."
That language is a direct echo of Congress's unwillingness to pass even weak, voluntary measures to strengthen cybersecurity for critical infrastructure. The House earlier this year passed an information-sharing-only bill. In the Senate, Republicans backed by the US Chamber of Commerce last month even blocked a bill that contained only watered-down voluntary standards for private infrastructure owners to meet.
"The Republicans basically replayed the Bush 2002 [anti-regulatory, voluntary] strategy, which was a complete flop," James Lewis, a cyberexpert with the Center for Strategic and International Studies, a Washington think tank, writes in an e-mail.
"There are some really smart people in the Romney campaign, so this is probably not the real policy, just a placeholder for the election, but designed to check the ideological boxes using a combination of advertising slogans and wishful thinking," Mr. Lewis adds. "I don't know if that means they couldn't agree internally and had to settle on the lowest common denominator or if they really believe that stuff about voluntary actions – some of them do, so I expect it was a mix of both motives."
But Democrats didn't fair much better as far as what they are asking for from industry, the experts said. The Democrat platform is basically "a mirror of the Senate bill that failed," writes Digital Bond's Mr. Peterson.
"In reality, the Department of Homeland Security has all the authority they need to make a difference," he writes. "The government has just refused to put out honest, detailed information about the problem and putting companies on record that they know about it and should fix it. This combined with the Securities and Exchange Commission disclosure requirements would put heat on C-level executives to fix the problem. No legislation is required for this."