U.S. computer security might not be a major issue on the campaign trail, but the next president’s cybersecurity leadership choices are sure to raise eyebrows in Washington after the election.
Both candidates were virtually mute on the topic during key stump speeches. At the Oct. 16 foreign policy debate, Romney toward the end uttered the word, “hack” in relationship to China’s economic strategy: “China's been cheating over the years . . . by stealing our intellectual property; our designs, our patents, our technology. There's even an Apple store in China that's a counterfeit Apple store, selling counterfeit goods. They hack into our computers.”
Obama twice in October visited Virginia’s George Mason University -- a federally-certified cybersecurity National Center of Academic Excellence -- without discussing cyber employment in the hotly-contested state. Virginia’s 277,600 high-tech professionals represent 9.8 percent of the state’s private workforce, according to TechAmerica Foundation.
“I think it’s probably one of the things he should have focused more on because he wants to win Virginia,” said Dave Aitel, a computer scientist at the Pentagon’s National Security Agency during the Clinton administration. “It’s astounding to me that both of these candidates who have a lot vested in the issue are passing it by and I don’t know why that is.”
Maybe it's because interagency turf battles over who is in charge of U.S. computer security haven’t gone mainstream yet.
Regardless, the outcome of the race will shape near-term cyber policy, several tech observers say. Even if Obama holds on to his job, information security programs, personnel and offices will change.
Romney is likely to take cues from Senate Republicans on where to place cyber responsibilities in the executive branch organizational chart. Generally, the GOP would like to concentrate cyber authorities within the Defense Department, rather than increase the Homeland Security Department’s control over private network security, as Democrats have attempted to do.
Obama, through a temporary executive order or fights with Congress for permanent reforms, will try to regulate the way vital sectors -- banks, for example -- protect their computers. Romney probably would leave companies to their own devices in securing such critical infrastructure.
While the Republican contender might dispose of some cyber regulations, he likely will invest in aggressive military maneuvers for cyberspace, although some of the spending would be classified, tech observers say. Expect Obama to move more cautiously in executing offensive cyber operations, such as Stuxnet, a joint U.S.-Israeli attack on Iran’s nuclear program computers.
Romney might tap campaign aide Michael Hayden, a former director of the CIA and NSA, for a senior position whose portfolio would include cybersecurity and other national security issues. Hayden currently consults for the Chertoff Group, headed by Michael Chertoff, Hayden’s co-chair on the Romney counterterrorism and intelligence advisory working group.
Regarding cybersecurity leadership, “obviously, Romney would be appointing Michael Hayden. I would not be surprised to see him having a cabinet level position,” said Aitel, now chief executive officer of cybersecurity firm Immunity Inc. “Michael Hayden is going to want some level of pull.”
Either candidate likely would upgrade the status of U.S Cyber Command -- which is now subordinate to U.S. Strategic Command -- to that of a full combatant command. That means the two-year-old service, which directs offensive network operations and protects military networks, would have the ear of the Pentagon’s highest-ranking officials.
The unknown is whether one or two people will supervise Cyber Command and NSA, the military’s long-standing network surveillance and codebreaking agency. Currently one officer, Keith Alexander, runs both outfits. The four star general likely will step down next year, irrespective of who’s in the White House.
“NSA will be facing changes because the structure that they have right now is a transitionary structure,” Aitel said. “The question is who comes next and is it one person or two.”