<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Dear DD - attached is some red meat. :><br>
-dave<br>
<br>
<h1>Introduction</h1>
<br>
It is, of course, very possible that hackers will get to help choose
America's next president. Possibly not in the most direct way (aka,
attacking the electoral system directly, the candidates, or the
super PACs that support their campaigns), although <a
href="http://www.thedailybeast.com/newsweek/2008/11/04/hackers-and-spending-sprees.html">this
did happen to some extent last time around</a>. But also, of
course, indirectly in that cyber security is a beach ball used by
the candidates and addressed by the candidates during their
campaigns. So at some level it is interesting to compare and
contrast the campaigns on the issue. <br>
<br>
Cyber security is a part of the overall Internet and high-tech
policy of each of the campaigns, touching upon copyright, patents,
regulation, free speech, foreign policy, and other issues. But as it
is rising in importance in the world at large, it is also becoming
an increasingly visible part of each campaign's strategy and
message. Below I split each of the campaigns out and share my
opinions (as someone who has worked in cyber security for over a
decade both as part of the Government and in the private sector) on
their strengths and weaknesses.<br>
<br>
<h1> Newt Gingrich</h1>
<br>
Wired recently ran an <a
href="http://www.wired.com/dangerroom/2012/01/newt-goes-to-cyberwar/">article</a>
on Newt Gingrich and this issue - and it is suitably
hawkish on cyber security (or Cyber War, cyber security's bigger,
scarier cousin). Newt Gingrich has the significant advantage of
being a science geek and thus can speak to the cyber security
population in their own language. For example, he can quote Dune or
other science fiction, and thus is less likely to trip over his
words or have a "series of tubes" moment. Although he is by trade
not technical, he is able to at least sound like he gets it. For
example, <a
href="http://www.politico.com/news/stories/0112/71697.html">his
language in the Republican debates regarding SOPA</a> was exactly
what the technical community wanted to hear - and more eloquent on
the subject than the other candidates on the issue. Only Ron Paul
met with similar approval in the technical community (by saying he
was against it from the beginning) and Rick Santorum was clearly on
the opposite side of the issue from the technical community. In one
of the early debates, the moderator asked the candidates what they
saw as some of the biggest threats against America that were going
unaddressed, and <a
href="http://cnsnews.com/news/article/central-america-cyber-security-and-electromagnetic-pulse-attack-identified-overlooked">both
Herman Cain and Newt Gingrich</a> listed cyber attack. That said,
his positions <a
href="http://www.politico.com/blogs/under-the-radar/2012/01/in-gingrich-backed-censoring-the-web-111756.html">have
some nuance in the area</a> and it's not clear who is advising him
on cyber security, if anyone. However, he never comes across as
sounding uninformed on the subject in his public interviews (the
meat of the <a
href="http://coffeeandmarkets.com/2011/12/09/newt-gingrich-on-entitlement-reform-the-federal-reserve-and-the-eurozone/">coffeeandmarkets
piece</a> is 16 minutes in or so and worth a
listen).<br>
<br>
<h1> Rick Santorum</h1>
<br>
While in the Senate Rick Santorum served as co-chair of the critical
infrastructure protection committee, and <a
href="http://www.sei.cmu.edu/newsitems/cybersummitadvisoryrelease.cfm">he
has been involved in cyber-security issues</a>. It's hard to say
that he's made much use of this experience on the campaign trail,
however. He may find it difficult to connect with the technical
community because of his stance on social issues. (More on that
later). <br>
<br>
<h1> Mitt Romney</h1>
<br>
One way to find out how a candidate is going to move is to look at
who advises them. Two of Mitt Romney's senior advisers have given
keynote speeches at BlackHat, the largest information security
conference in the world - Cofer Black and Michael Hayden. Both are
well known in the community, and although neither is particularly
technical, they both have well formed and forceful opinions based on
long experience - a sort of hacker osmosis, if you will. To be
specific, they <a href="http://www.youtube.com/watch?v=pKZDYgj0KTA">both
see a</a> <a
href="http://www.firstpost.com/topic/person/michael-v-hayden-cyber-threats-ongoing-efforts-to-protect-the-nation-video-oC5BmFSGXsI-9459-1.html">clear
and present danger from foreign cyber espionage</a> against the
economic and security interests of the United States. Mitt Romney
appears to use the phrase "cheating" when referring to these issues
(although in an early debate he was more specific), lumping them a
bit with larger copyright and trademark issues and almost entirely
in relation to China.<br>
<br>
<h1> Ron Paul</h1>
<br>
There's a large libertarian streak among hackers and cyber security
professionals, and it's evident in how many of them support Ron Paul
(sometimes <a
href="http://www.sheknows.com/entertainment/articles/852761/musicians-hacked-into-endorsing-ron-paul">in
funny ways</a>). That said, he does not always agree with the tech
community's latest drives. For example, <a
href="http://www.youtube.com/watch?v=yCM_wQy4YVg">he is not
pro-net-neutrality</a> (see 52 minutes in). Hacking is, in many
ways, the discipline of studied iconoclasm, and no candidate is
more iconoclastic than Ron Paul. Hackers also tend to have a lot of
spare money, and no doubt some of that money is flowing to the Ron
Paul campaign. In the first debate in Florida, you'll notice
Gingrich was careful to avoid seeming inimical to Ron Paul's ideas
on stage.<br>
<br>
<h1> Barack Obama</h1>
<br>
The White House's position on SOPA, <a
href="http://www.politico.com/news/stories/0112/71445.html">which
threaded the needle between Hollywood and the tech community</a>,
was an example of some of the different cards the current
administration may play in the upcoming campaign. While supporting
Google as much as probably possible against the Chinese cyber
espionage attempts, the White House has also taken positions <a
href="http://thehill.com/blogs/hillicon-valley/technology/206485-senators-back-obamas-call-for-cybersecurity-reform">on
many other cyber security issues</a>, some of which have been <a
href="http://news.cnet.com/8301-13578_3-10320096-38.html">widely
criticized in the cyber security community</a>. And the industry <a
href="http://www.wired.com/dangerroom/2012/01/pentagon-asia-strategy/?utm_source=Contextly&utm_medium=RelatedLinks&utm_campaign=Previous">has
not exactly shrunk</a> under Obama - experiencing a robust boom
even in times of otherwise tight belts in the defense community.
Administration efforts such as the <a
href="http://www.politico.com/news/stories/1211/70016.html">Cyber
Fast Track</a> have also received positive acclaim. When you have
a member of the l0pht running part of DARPA and <a
href="http://www.dhs.gov/files/committees/editorial_0858.shtm#16">Jeff
Moss has a place advising DHS</a>, you've built inroads to the
community. It remains to be seen whether these inroads are
highlighted by the campaign. <br>
<br>
If any Republican is to attack the current administration's policies
on cyber, it will probably have to be on "Effectiveness". I.e., it's
all well and good that the DHS has a new <a
href="http://www.dhs.gov/files/events/stop-think-connect.shtm">marketing
campaign to increase cyber security awareness</a>, but how does
that stop hackers from actually hacking <a
href="http://news.cnet.com/8301-27080_3-57327968-245/hacker-says-he-broke-into-texas-water-plant-others/">into
our water plants</a> with seeming ease? Unfortunately, this would
essentially be a call for further regulation, which seems like a
hard argument for a Republican candidate to make at the moment. You
get this sense during some of the debates, where Republican
candidates call for more covert action against Iran, and then have
to circle back to "You know...things like Stuxnet". <br>
<br>
<h1> Social Issues</h1>
<br>
Taken as a whole, cyber security professionals are, like any other
large population, quite diverse. However, there are some strong
general trends. For example, the overall population has a tendency
to be quite atheistic, libertarian, pro-gay-rights, and
international. This may swing hackers as voters (and donors) more
towards Obama than the eventual Republican nominee. You may remember
Obama being bashed for <a
href="http://www.youtube.com/watch?v=twoXZE9U0Io">including
"non-believers"</a> in his 2008 inaugural address, for example.<br>
<br>
So there are two future questions that bear thinking about as the
campaigns develop: <br>
1. What, if any, influence will cyber security have on the
presidential campaign? <br>
and<br>
2. What will change in cyber security if one of the Republicans
wins? <br>
<br>
I would opine that Mitt Romney's choice of advisers presents the
clearest indication not just that he will use cyber in his campaign,
but as to what his positions as a President would be. That is,
strongly hawkish against the ongoing economic cyber espionage
conducted by the Chinese and other countries against US firms. Cyber
security has been in the news a lot this year, and I'd say there's a
strong chance that either he, or Newt Gingrich who is immersed in
high tech culture more than any other nominee, uses cyber security
as a differentiation during an upcoming debate. It has the advantage
of being both suitably hawkish, and having an impact on the most
magic of words this year: "Jobs".<br>
<pre class="moz-signature" cols="72">--
INFILTRATE 2013 January 10th-11th in Miami - the world's best offensive information security conference.
<a class="moz-txt-link-abbreviated" href="http://www.infiltratecon.com">www.infiltratecon.com</a>
</pre>
</body>
</html>