As it gets closer to election time in the United States, the presidential race has heated up. Amidst the arguments over what needs to be done about healthcare, education and defense, another issue has risen as a hot-button problem in this election: cybersecurity. Various attempts at legislation have been made to address the threat posed by cyber criminals, but U.S. politicians remain divided. President Barack Obama and Republican nominee Mitt Romney also have differing views on the issue.Federal face off: Cybersecurity
Federal Computer Week columnist Amber Corrin recently analyzed Romney and Obama in regard to their respective stances on digital security. Both sides believe it is a crucial factor to consider in the modern era, but that’s where the similarities end. Most points of contention revolve around what the government’s role should be in protecting privacy and web-connected critical infrastructure.
According to Corrin, the Republican party typically adopts a “hands off” approach to cybersecurity. The focus should be on allowing information sharing between businesses and the government, with some incentives to encourage the private sector to play nicely with the feds. The Grand Old Party also wants to place more responsibility with the government in protecting its own digital infrastructure. Critics of Romney’s stance say that voluntary information sharing simply doesn’t work and businesses that manage important infrastructure such as the power grid should be held accountable for cybersecurity.
“Cyber deterrence doesn’t work,” Jim Lewis, director and senior fellow at the Center for Strategic and International Studies told FCW in regard to voluntary information sharing. “This is a creaky retread from the Cold War.It’s legislation, not regulation, that blocks sharing, and Congress failed to fix it.”
Obama’s party, on the other hand, addresses those criticisms by supporting more government-enforced requirements and a federal review of critical systems. Corrin highlighted the creation of a military unit dedicated solely to cybersecurity as an example of Obama’s views in action. Under the Democrat’s cybersecurity platform, organizations would be held more accountable through government regulation a review. Critics say this would lead to the government abuses of power, and would be costly for many organizations that would have to upgrade their infrastructures in order to meet mandated security specifications.
“The Democratic platform calls for greater government engagement and involvement, but the imposition of mandates would be less effective because the government is not nimble enough to regulate in this area,” Paul Rosenzweig, visiting fellow at the Heritage Foundation, told FCW. “How much would the Democratic platform cost? Nobody knows. The Democrats couldn’t tell you before when [the bipartisan Cybersecurity Act of 2012] was being considered, and the same questions are being asked now.”
No money, more problems
Disagreements in the U.S. Senate have stalled cybersecurity legislation progress in the country, leading Senator Dianne Feinstein and journalist Richard Clarke to call on Obama to issue an executive order. According to Jody Westby, a contributor at Forbes, the president’s administration is considering the option. However, critics point out that such a tactic could do more harm than good.
Cybersecurity is a complex issue, and the introduction of politics further complicates things. An executive stance on the issue has the potential to be flawed, leading not only to more money being spent, but those tax dollars being used on ineffective solutions. But that isn’t the only concern that Westby highlighted.
“This kind of heavy-handed tactic satisfies a few but hurts the constituents that vote for these legislators and everyone else because it circumvents one of the most important functions of our government – the legislative process,” Westby wrote. “The votes were against the Cybersecurity Act of 2012. That is why it was not brought up for a vote before recess. It was a badly flawed bill … that surely would have cost the taxpayers and businesses a fortune to implement, without any real security gains.”
Do you think governments should have a more active role in cybersecurity? Should Obama issue an executive order to improve practices in the private sector?