Despite decades of increasingly high-profile cyber attacks against infrastructure, military and government targets, cyber security has been perceived as a political ‘Cinderella’, barely getting a mention in any party’s manifesto.
During the run-up to the 2012 US presidential election, against a background of increased public awareness and industry calling for government-coordinated action, signs suggest this is the year that cyber security finally gets to go to the ball.
Broadly speaking, the two main candidates’ tactics for cyber security reflect their wider defence attitude – Romney accuses Obama of a weak approach and advocates going in all guns blazing, whereas Obama favours building on legislative efforts already underway, but with sturdy funding less available to traditional warfare.
Obama – taking the cyber threat seriously
In July, Obama wrote an article headed "Taking the Cyber Threat Seriously" for the Wall Street Journal in which he described the cyber threat as "one of the most serious national security, public safety, and economic challenges".
His Democratic administration has acted on this gravity, creating the US Cyber Command (USCYBERCOMMAND), under the US Strategic Command and led by the Armed Forces, reflecting its military responsibility. The cyber responsibility of the Department of Homeland Security has also been enhanced.
Not all the Democratic Party’s efforts have been so successful – a bid to legislate that some businesses should take action to ensure their own IT security failed earlier this year. However, a Presidential directive is being formulated to defend against immediate threats, gather intelligence about the full spectrum of potential threats and strengthen the future cyber security environment through education and research, all in line with constitutional civil liberties.
Romney – protecting data from government overreach
Romney’s Republicans suggest the Obama administration is "overly reliant on the development of defensive capabilities and has been unsuccessful in dissuading cyber-related aggression." The implication is Republicans favour creating cyber weapons as a deterrent, specifically against state-sponsored cyber attacks. However, some analysts warn the deterrent concept is a Cold War notion that does not translate to 21st century computer warfare.
Recognising the Democrats’ failure to pass corporate cyber responsibility into legislature, the Republicans instead want to incorporate upgraded cyber measures into the Federal Information Security Management Act. However, the recommendations for private industry would be voluntary, rather than mandatory.
The GOP supports a hands-off approach to personal data, protecting it from "government overreach", enabling individuals to decide how third parties can use it. Protecting against private-sector intellectual property theft also features in its proposals.
Come 6 November, US voters will decide which presidential candidate is better-suited to the most powerful job in the world. The effects of the new or returning president’s cyber security policy are unlikely to be one of the earliest reported spheres of influence, but given the mounting significance of cyber security in protecting everything Americans and the rest of the world hold dear, its influence will be widely felt, sooner or later.
The Stuxnet worm is the most high-profile recent example of the sophistication of modern cyber attacks.
Cyber warfare as the 21st Century version of a nuclear holocaust has gripped both public and lawmakers imaginations.
Despite high security, defence companies and the military are waging war against increasingly hostile cyber attacks.