By Misty Blair
Today, people are laser-focused on who will win the U.S. presidential election, President Barack Obama or Governor Mitt Romney. And, though cybersecurity has been a hot topic in the last year, for the time being it has been displaced from the 24-hour news cycle with political punditry, which has reached a fever pitch heard (thankfully) only once every four years.
Rest assured, however, that the “hacktivists” are not pausing from their nefarious activities to await the exit polling and election returns with the rest of us. Indeed, just yesterday, the hacker collective Anonymous marked Guy Fawkes Day (“Remember, Remember, the Fifth of November”) with cyber attacks against governments and financial institutions, and demonstrations in London, Washington, D.C., and other cities worldwide.
In the spirit of this day, we may ask ourselves how the results of the election will affect the landscape of cybersecurity for the next four years. The answer is that there may not be that many differences. While President Obama would likely continue his path of addressing cybersecurity through legislation and regulations, a President Romney would likely not shy away from similar actions.
To be sure, Mr. Obama has been busy in his first term. On the cybersecurity front, he and his administration issued a Cybersecurity Policy Review with a 10-point action plan in 2009, formally established a cooperative approach by the Department of Defense and Department of Homeland Security to address cyber threats in 2010, and most recently backed the Cybersecurity Act of 2012 in the Senate. Following the failure of the CSA to gain cloture, the administration has openly discussed its plans to issue an executive order establishing a set of voluntary security standards for critical infrastructure to meet.
So, if Mr. Obama wins re-election today, should we expect the issuance of the executive order tomorrow? Not so fast. As of October 25th, Homeland Security Secretary Janet Napolitano cautioned that Mr. Obama had not yet had the opportunity to review the draft of the executive order, as he has been occupied with campaign activities. Based on his presidency thus far, however, cybersecurity appears to be a priority that will undoubtedly feature in his second term. This leads us to the next question.
If Mr. Romney wins the election today, should we expect the issuance of the executive order before the end of Mr. Obama’s term? That is a strong possibility, but there is also a possibility that Mr. Romney would simply undo any such order upon taking office. The question then becomes what actions Mr. Romney would take as President.
There are indications that he would make room in his administration’s agenda for the subject. He has issued a white paper stating that, within the first 100 days of his presidency, he will order “a full interagency initiative to formulate a unified national strategy to deter and defend against the growing threats of militarized cyber-attacks, cyber-terrorism, cyber-espionage, and private-sector intellectual property theft.” He may champion legislation such as the Cyber Intelligence Sharing and Protection Action (CISPA), which passed through the House of Representatives earlier this year with a majority of Republican votes and a small number of Democratic votes.
While both candidates have said relatively little about cybersecurity on the campaign trail, each has at least signaled their plan to make cybersecurity a key component of his administration’s agenda. And, just as with today’s election, we hope tomorrow will bring more clarity with respect to this all-important defense of our nation’s infrastructure.