In January 2012, the U.S. Department of Defense released its new strategic guidance outlining plans for a “leaner” U.S. military. The plans envision budget reductions of $487 billion over 10 years. Cybersecurity, however, continues to rise as a priority: the strategy calls for increased investment in cyber capabilities. How to adapt the U.S. military to a technology-driven future will be an important question for any U.S. president. Below, a look at what the leading candidates in the 2012 election—President Barack Obama, Mitt Romney, Rick Santorum, and Newt Gingrich—are saying about cybersecurity and how they are planning to address what they see as growing cyber threats.
Obama has identified cybersecurity as one of the most serious economic and national security challenges facing the United States. Shortly after taking office, he directed a 60-day “clean-slate” review to assess U.S. policies and structures for cybersecurity, resulting in a 2009 report titled “Cyberspace Policy Review.” To implement the recommendations in this report, Obama appointed Howard A. Schmidt to serve as White House Cybersecurity Coordinator. The strategy is twofold: first, it aims to improve the country’s resilience when confronted with cyber incidents; second, it seeks to reduce the cyber threat.
In the last year, the administration issued two strategies that address major items on the action plan: the National Strategy for Trusted Identities in Cyberspace and the first comprehensive International Strategy for Cyberspace, which provides a unified foundation for U.S. international engagement on cyberspace issues. Last May, Obama declared in his State of the Union address: “To stay one step ahead of our adversaries, I’ve already sent this Congress legislation that will secure our country from the growing dangers of cyber threats.”
The legislative proposal would give the government new authority to ensure that corporations with assets critical to national security and economic prosperity are adequately prepared to defend them. Moreover, the proposals would give the government new authority to share information about cyber threats with businesses, and, when asked, provide them with federal assistance to prevent attacks and defend against intellectual property theft. According to Howard Schmidt, the “proposals would provide new tools to help our citizens and law enforcement professionals defend against cyber crime and identity theft, while, at the same time, safeguarding individuals’ privacy and civil liberties.”
In the face of defense cuts as part of the administration’s efforts to reduce deficits, the strategy calls for increased investment in cyber capabilities. “Operate effectively in cyberspace and space” is cited as one of the primary missions of the U.S. armed forces. The Defense Department and the State Department have also been more active on cyberspace issues during the Obama administration. In 2010, the Pentagon established a cyber command to fight in cyberspace and defend the country’s computer systems. In February 2011, Hillary Clinton appointed Christopher Painter to serve as the State Department’s first coordinator for cyber issues. Painter is leading the new Office for Cyber Issues and is tasked with bringing together the many parts of the State Department working on cyber issues to advance U.S. cyber interests more effectively.
The administration has framed intellectual property protection and cybersecurity initiatives as complementary. With regard to the controversial Stop Online Piracy Act and Protect IP Act, the White House issued a statement in January saying it “will not support legislation that reduces freedom of expression, increases cybersecurity risk, or undermines the dynamic, innovative global Internet.”
On the Republican side, former Massachusetts Governor Mitt Romney is considered the front-runner for the nomination. His stated security strategies also prioritize cybersecurity. In October 2011, Romney released a white paper on foreign policy “An American Century – A Strategy to Secure America’s Enduring Interests and Ideals,” outlining his view on some of the most significant foreign policy and national security challenges. He calls for a “strong America” and “will strive to ensure that the 21st century is an American Century.” In his white paper, Romney underlines the importance of cybersecurity and marks it as one of eight actions for the first 100 days. According to the paper, he would “order a full interagency initiative to formulate a unified national strategy to deter and defend against the growing threats of militarized cyber-attacks, cyber-terrorism, cyber-espionage, and private-sector intellectual property theft.”
While recognizing that Obama has made some progress in this area, Romney argues that the administration has not yet updated the national cybersecurity strategy of 2003. Romney maintains that a much more coordinated interagency effort is necessary, involving the Department of Defense, the intelligence agencies, the Department of Homeland Security, and the Departments of Commerce and the Treasury.
Back in October, Romney introduced his Foreign Policy and National Security Advisory Team. Among more than 20 advisers are Michael Chertoff, currently chairman of the Chertoff Group and former U.S. Secretary of Homeland Security (and an EWI board member); and Michael Hayden, former director of the CIA and NSA. In an interview with National Journal, Hayden indicated that cybersecurity is one of the issues he discussed with the Romney camp and that his future advice would mirror his public statements on the issue. Hayden is in favor of a stronger, more centralized federal office to oversee cybersecurity and would like to see the NSA taking a more active role in protecting U.S. networks.
Like Obama and Romney, Santorum has a list of initiatives on national security. On his campaign website, Santorum announces a ten-point plan to “reestablish America’s standing in the world” and states it is time that “America stop leading from behind and stand for freedom once again.” Advocating increased military preparedness, he describes Obama’s defense cuts as “wrong signal, wrong effort and wrong time.” He has staked out some hawkish positions, notably on Iran and China, and states that the United States is “facing a global alliance that includes Russia, North Korea, China, Iran, Syria, Venezuela, Bolivia, Nicaragua, Ecuador and of course Cuba.”
The former senator from Pennsylvania has not expressed a clear position on cybersecurity and how he thinks cybersecurity threats should be addressed. On the Stop Online Piracy Act, Santorum agrees with the other Republican candidates that the law goes too far. During the South Carolina debate in January, he added that he “will not agree with everybody up there that there isn’t something that can and should be done to protect the intellectual property rights of people…The Internet is not a free zone where anybody can do anything they want to do and trample the rights of other people.”
On his campaign website, former Speaker of the House Newt Gingrich put forward a plan to tackle the job crisis and meet the challenges of the 21st century. He calls it the 21st Century Contract with America.” The contract consists of four parts including a set of legislative proposals and a so-called “Day One Plan” of executive orders. One of Gingrich’s legislative proposals is to “revitalize our national security system to meet 21st century threats by restructuring and adequately funding our security agencies to function within a grand strategy for victory over those who seek to kill us or limit American freedom.” He has called for a new strategy, pointing to cybersecurity-related threats: “There are new emerging technologies endangering us – for example electromagnetic pulse weapons, cyberwar and lawfare, which we are not prepared to deal with.”
Gingrich ranks cyber warfare as a threat on a par with an electromagnetic pulse and a nuclear weapon in an American city and argues those threats require greater attention. During the Republican national security debate in Washington, D.C., in November 2011, candidates were asked what national security issue they worry about that nobody is asking about. Gingrich said a cyber attack is a primary concern, reiterating that the current system does not have the capacity to deal with this threat. The issue of cybersecurity was only addressed in the debate closing. Paul, Romney and Santorum did not mention cybersecurity in that debate.
Gingrich would abolish the position he calls a Cybersecurity Czar (White House Cybersecurity Coordinator). He claims the president does not have the authority to appoint bureaucrats to power who are not accountable to Congress. If those positions were still needed, he argues they should be installed with the advice and consent of the Senate. Regarding cybersecurity threats originating from China and Russia, Gingrich has said he would seek to engage both countries in a high-level conversation and present them with an ultimatum saying “there are games we’re not going to tolerate being played; we either need an armed truce or we’re going to engage as aggressively as you are.” Talks should be “top secret” and include people from the defense sector, Gingrich continues. He says cyber espionage should be considered an act of war.
During the Michigan debate last November, Gingrich said that the U.S. should “find ways to dramatically raise the pain level for the Chinese cheating, both in the hacking side, but also on the stealing and intellectual property side. I don’t think anybody today has a particularly good strategy for doing that.” Gingrich calls for disrupting Iran’s nuclear program through covert action, including “taking out their scientists” and cyber warfare. He would “wage real cyber warfare” to bring about regime change in Iran, and would be “prepared to use military force” as a last resort to keep Iran from obtaining a nuclear weapon. He continues “we could wage real cyber warfare against Iran and probably be remarkably effective at closing it down.”
Both Romney and Gingrich are critical of Obama’s foreign policy approach. They call for a strong America and “peace through strength” policy. They understand the importance of cybersecurity and the related threats. Romney claims Obama has not done enough in this area (i.e. interagency coordination) and makes cybersecurity one of his priorities during the first 100 days. He has also surrounded himself with experienced advisors in the cybersecurity arena.
Gingrich proposes some concrete actions including revitalizing the national security system, abolishing the “cybersecurity czar” position, and engaging China and Russia in conversations on sensitive issues. Both Romney and Gingrich say the U.S. needs to become tougher when it comes to China and intellectual property protection in particular. It is not entirely clear how Santorum feels about cybersecurity, but his current rhetoric lets us believe that he might be tougher on China in certain areas (i.e. trade) than Romney and Gingrich. No matter what happens in the 2012 election, there’s no doubt that cybersecurity will continue to rise higher on the Washington policy agenda. It’s an issue that any president will have to keep addressing.