Romney, Obama need to discuss the threats to cybersecurity

The presidential candidates agree the risk of a devastating ???cyber-Pearl Harbor??? is very real but their solutions to address the threat are far apart.  That makes this hot topic ripe for questions in the upcoming debates.

The chasm separating the candidates on cyber-security is ideological, much as their differences on other issues like the economy.  President Barack Obama favors a big-government approach while Gov. Mitt Romney, if he is like most congressional Republicans, opposes giving Washington more leverage over the private sector.

This issue is ripe for the upcoming presidential debates because cyber-security was in the news last week.  The secretary of defense gave a sobering speech on the escalating cyber threat and the press reported President Obama may soon release a cyber-security executive order bypassing the Senate???s legislative logjam on the issue.

Last Thursday Defense Secretary Leon Panetta issued what he said is a ???clarion call??? in a speech at the Intrepid Sea, Air and Space Museum in New York. Americans must wake up to the likelihood of a ???cyber-Pearl Harbor??? and our increasing vulnerability to foreign hackers plotting attacks on the nation???s critical infrastructure, warned Panetta.

Hackers ???could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals ??? contaminate the water supply in major cities, or shut down the power grid,??? Panetta said.  The secretary said his warning comes on the heels of a recent wave of cyber-attacks on large American financial institutions and the August 2012 assault on the Saudi Arabian State Oil Company Aramco, which destroyed 30,000 computers and ???replaced crucial systems files with an image of a burning U.S. flag.???

Panetta said we must not wait for the ???crisis to happen??? which ???we tend to do.???  He warned ???We are now in a world in which countries are developing the capability to engage in the kind of attacks that can virtually paralyze a country.???  Russia, China and Iran are developing the greatest capabilities, according to the former CIA director.

The secretary said ???potential aggressors??? are probing America for weaknesses and beginning to ???exploit transportation systems, power systems, and energy systems.???  ???Our concern is that in doing that kind of exploration, they???re doing it for the purposes of determining how they could attack,??? Panetta surmised.

Part of Panetta???s reason for speaking out is to generate public pressure on lawmakers to act and encourage private companies to get serious about the threat.  U.S. businesses are slow to make necessary investments to protect the nation???s critical cyber infrastructure which is why Panetta accuses them of waiting for an ???electronic Pearl Harbor??? to justify their security investment.

But Panetta???s remarks are primarily targeted at Capitol Hill.  He wants legislated requirements for critical private sector infrastructure facilities like power plants where hackers could cause significant economic damage.  But in August the Democrat-sponsored and Obama endorsed Cybersecurity Act of 2012 which would grant the Department of Homeland Security responsibility to oversee cyber-security and set ???cyber-security performance requirements,??? was blocked by Republicans, led by Senator John McCain (R-Ariz.), who said it would be burdensome for corporations and would create another bureaucracy and more unnecessary regulations.

Now, according to Reuters, because the Senate failed to pass the Democrats??? cyber-security bill, Obama may sign an executive order before the November election that would unilaterally impose more mandates and regulations on the private economy.  Word of the likely executive order earned the president an objecting letter from six Republican senators led by Senator McCain.

The senators discouraged Obama from signing an executive order.  They wrote ???The gravity of this [cyber] threat requires a genuine bipartisan effort to advance legislation, not a selective and unilateral executive order.???  A presidential order ???cannot provide the incentives to encourage private sector participation and the requisite information sharing to address evolving threats.???

Further, the senators cautioned Obama ???an executive order will solidify the present divide.  Only the legislative process can create the durable and collaborative public-private partnership we need to enhance cyber-security.???

The Republicans want to follow the lead of the U.S. House of Representatives and pass a strong information-sharing bill that includes liability protections that allow business and government to better share cyber information, which was the core of the Republican Senate bill, the SECURE IT Act.

Mr. Panetta, who is anxious for action, favors for now a presidential executive order that would promote information sharing, but he acknowledged private companies are typically reluctant to share internal information with the government and might have to be forced by law.

The fact is private firms are reluctant to share information because they are legally constrained by anti-trust laws and due to restrictions on the kind of information that can be shared with the government.   Unless these constraints are removed, which is addressed by the SECURE IT Act, any private-government sharing would be slowed or non-existent.

Mr. Romney has not publicly endorsed the Senate Republicans??? bill but his presidential platform reflects similar views in its criticism of Obama???s cyber-security policies.  It labels Obama???s cyber-security policies ???unsuccessful in dissuading cyber-related aggression,??? ???costly and heavy handed??? and says it will ???increase the cost and size of the federal bureaucracy and harm innovation in cyber-security.???

Romney???s only official cyber-related statement is found at his campaign website which promises within his first 100 days in office he will ???Order a full interagency initiative to formulate a unified national strategy to deter and defend against the growing threats of militarized cyber-attacks, cyber-terrorism, cyber-espionage, and private-sector intellectual property theft.??? That is not a policy position but his platform???s strong opposition to Obama???s policy means Romney stakes out an opposite approach to the president which he should unequivocally outline and defend in an opinion article like Mr. Obama???s July 19th Wall Street Journal piece, ???Taking the Cyber Attack Threat Seriously.???

The easiest policy fix for Romney is to simply endorse the Senate Republicans??? SECURE IT Act or the four bills passed by the Republican-controlled House this April.

Both candidates agree America faces potentially devastating cyber-attacks, but they differ on the approach.  Mr. Obama???s position is well known but Mr. Romney can help himself on this issue by publishing his cyber-security policy views, endorsing Republican congressional bills and/or preparing a clear answer when the question inevitably comes up in the debates.