How the Presidential Election will Impact Cybersecurity

Anthony Freed
By | November 01, 2012

Posted in: Network Security Trends

Cybersecurity is a relatively young discipline, yet it has quickly emerged as one of single most important issues of the day, as information systems touch nearly every aspect of our daily lives in a digital society. Threats to the nation's critical infrastructure, corporate intellectual property, and the identities of the average citizen have propelled the issue to the highest echelons of government, and the upcoming presidential elections could shape cybersecurity efforts for years to come, as the two candidates have taken positions that are quite contrary to one another on a number of key issues. Security Bistro asked a panel of experts representing a wide array of expertise and interests in the information security field to provide their opinions on how the outcome of the election may impact cybersecurity over the next four years. Here is what they had to say...

Ali-Reza Anghaie (@Packetknife), Founder Packetknife LLC and Contributing Analyst at Wikistrat

"The two major candidates for President of The United States differ in their Cybersecurity policy in many rhetoric driven words but in substantial effective action - very little. In actuality most of their perceptions and concerns are driven from the standpoint of Copyright and Patent protection with additional limited perspective on consumer protection and utility regulation. Regardless of who is our next President, the next fours years will continue to see rapid budgetary expansion in Cyber initiatives only lagging in pace to the continued rapid discovery of more breaches and vulnerabilities. These next four years are still about Cyber self-discovery at a Nation-State level."

Christopher Burgess (@burgessct), Chief Security Officer at Atigeo

"Regardless who is the victor on 06 November, national cyber security policy creation will continue to be front and center, and I believe we can expect a continued hardening of the US official position as the legislative branches of government push the executive branch to evolve a policy which not only protects the United States, but also punishes those who wish to do harm to the United States. The government itself will harden and become more proactive in their offensive protection schemas; the national infrastructure (energy, water, healthcare, transportation) will be directed to evolve to a protected posture or will be legislated into doing so; the executive branch will be driven by legislative branch to protect the US economy and that means helping both enterprise and SMB to have availed to them both the information and the capability to protect their cyber environment(s)."

Larry Clinton, President and CEO at the Internet Security Alliance

"The election could have a major effect on the fate of cybersecurity policy. To begin with the Executive Order Obama is expected to release following the election could become mute should Romney win. A Romney win would likely come with a GOP Congress which might set the stage for a more incentive based approach to cybersecurity in contrast tot eh regulatory model the Obama administration has championed. Should Obama win he will likely face a divided Congress which may make any cyber legislation more difficult and certainly mitigate against a bill that would expand regulation. However, if for example Obama wins and faces a GOP House and Senate this could set the stage, particularly in the wake of some bipartisanship coming out of the Sandy disaster, for a more collaborative process that could result in a comprehensive cyber bill but one that takes more account of economics of cyber in addition to the technical approach Obama has pushed for. A similar situation occurred in the mid 1990s when a large technical bill, the Telecommunications Act of 1934 rewrite, which had been considered in two previous Congress' (as has the cyber bills) found a middle ground brokered by a GOP Congress with President Clinton. That could happen again in 2013/14."

Jack Daniel (@jack_daniel), Technical Product Manager at Tenable Network Security

"I do not believe the upcoming presidential election will significantly change the future of cybersecurity overall, and I doubt that it will significantly change the direction of US government security or regulation. As much noise as comes from government, the field is global and evolving, and largely controlled by corporations, not governments. The next administration will try to work with a Congress which will continue to be reactionary and largely misinformed (or informed by special interests) on matters of information security, as a result security regulation and priorities will continue to be driven more by headlines than by any stated policy."

Joel Harding (@Joel_Harding), Director, IO at Association of Old Crows, Capitol Club

"I honestly do not know or care who wins the national election. I only know that whoever wins absolutely must more than just urge Congress to pass decent cybersecurity legislation. The future of our economy depends on legislation being passed by Congress and signed by the President. The legislation needs teeth and substance. Teeth, to compel cooperation between the business world and government and substance which includes palatable standards covering the breadth of reporting requirements. At the same time we need the government to begin pushing more useful information to America, public and private, to be used to protect our information. This is not about just the next four years, this is about our future."

Larry Karisny (@larrykarisny), Cyber and Critical Infrastructure Security Expert and Co-Founder at TLC Secure

"Cybersecurity is politically and presidentially agnostic. After attending the ICS Cyber Security Conference last week hosted by industry expert Joe Weiss, the only thing I can tell you for sure is that the attacks are real, increasing and as much a global threat as a national threat. This meeting of cyber experts privately presented known critical infrastructure cybersecurity vulnerabilities and attacks with full disclosure from counties and companies effected. Oddly enough many of the best cybersecurity solutions to these problems came from small brilliant entrepreneurs not large multinational companies or large government agencies. Hackers do not need to follow industry or government rules. Creating expensive and almost impenetrable bureaucracies in cybersecurity can do a lot more harm than good in ever changing cyber attacks. Putting thousands of eyes on security in standards groups and compliance certifications is just at times giving the hacker more information. When the total investment of a hacker is brains and a laptop governments around the world need to find quicker ways of getting the little good guys in to keep the little bad guys out. Any leader of any country that does not take cybersecurity seriously and is not trying to find ways to quickly protect from these inevitable cyber attacks is just asking for problems."

Philip Polstra (@ppolstra), Computer Information Systems Professor at University of Dubuque

"Naturally the winner of the election will affect our cybersecurity over the next four years. If Obama is re-elected we can expect more of the same. That is, a continued assault on our privacy and freedom online. Not only did Obama renew the PATRIOT act of which he was so critical, he expanded it. Under Obama's administration we have seen many attacks on our privacy and freedom, enough for the Electronic Frontier Foundation to state that "Obama is becoming the most anti-privacy president ever" over two years ago. Ironically, while Obama has taken away our privacy he is arguably the least transparent president ever, as evidenced by Donald Trump's latest offer to donate $5M on his behalf it he was willing to be a little more transparent about his college years (when he morphed from Barry Santos into Barack Obama). Obama has allowed the overall American security posture to falter as evidenced by terrorist attacks against our embassies and his attempts to cover up these attacks and pin the blame on some obscure video producer. Under Obama's leadership the US has developed worms and other tools for cyber warfare and attempted to blame others when some of these goodies were discovered in the wild. In summary, four more years of Obama will likely give us less privacy at home and less security at home and abroad against attacks both physical and cyber. What will Romney bring if he wins? I'm not one to speculate. I do, however, have a hard time imagining that it could possibly look worse given his past performance as governor and Obama's disappointing first term."

Richard Stiennon (@stiennon) , Author and Chief Research Analyst at IT Harvest

"The results of the election will not have much impact either way on cybersecurity. Both candidates have the same measured approach. Romney says he will initiate a 100 day review, much as Obama did when his term started. Cybersecurity is a relatively non-partisan issue. Both parties are aligned on the need for more education, training, and public-private partnership. Neither of them have announced any substantive measures to actually improve cybersecurity. Either way there will be a changing of the guard in the high ranking cyber officials as they take advantage of the post-election lull to find jobs in the private sector which is booming despite the lack of government investment in security."

Boris Sverdlik (@jadedsecurity) , Product and Platform Security at Tagged

"Will the outcome of the election have an impact on cybersecurity over the next four years? My guess is probably not. Neither of the candidates have even addressed the fact that the IRS still provides a medium for identity theft through snail mail, so how could they possibly understand the confidentiality aspect of security? Personally I think both of their platforms in the area of information security are lacking and as we've seen in the past money will be directed towards foreign initiatives that will have almost no real impact in maintaining the safety of our citizens."

You May Also Be Interested In: