Consider all that has developed this year regarding cyber threats on a global scale: from a barrage of world-class malware targeting the Middle East, to increasingly professionalized financial fraud emanating from Eastern Europe, to continued worries over Chinese espionage, to growing and laudable international cooperation to track down online crooks and bust operations.
But, there was barely a mention of any of it during Monday night’s third and final presidential debate. According to the transcript, only on two occasions did the candidates acknowledge digital concerns.
First, in response to a question about budget spending, particularly funding for the military, President Obama makes a brief mention: “We need to be thinking about cyber security.” Second, when asked what the greatest threat is facing the United States, Gov. Romney replied, not surprisingly: “a nuclear Iran.” But he also addressed China by saying: “They’re stealing our intellectual property, our patents, our designs, our technology, hacking into our computers, counterfeiting our goods.” And that was that.
I can’t say I’m completely surprised. After all, arguably the United States’ most critical foreign policy decision — its troubling use of drones without judicial oversight to often blow villages in Afghanistan, Pakistan, Yemen and elsewhere to smithereens — only got one question. (If you missed their answers: Both candidates have a massive love affair with drones).
As well, cyber traditionally has been given short shrift in these types of high-ratings moments, given the public’s propensity to relate to more traditional, recognizable foreign policy matters.
But considering Iran and Israel each got mentioned dozens of times by both candidates, it would have seemed natural for threats like Stuxnet and Flame to come up, especially when Romney was challenging Obama on his toughness on Iran. Remember, Stuxnet and Flame are almost assuredly U.S.-Israel creations, and both seek to either destroy computer systems or gather intel, particularly regarding Iran’s nuclear capabilities.
Obama was more than happy to bring up the “crippling sanctions” he has imposed against Iran. Yet, he couldn’t even muster a measly cyber-Pearl Harbor reference.
I’m guessing the reason neither candidate took the bait is because the United States doesn’t want to publicly admit that it is orchestrating sophisticated cyber attacks against enemy nations. Because if it did, this could blow the government’s dirty little secret: that the United States is not only a victim in cyber space, but also an aggressor, especially when it comes to offensive missions.
Essentially, it boils down to: “Just because we’re doing something doesn’t mean you can too.”
Hear it from Defense Secretary Leon Pannetta.
Earlier this month, he spoke to business leaders in New York, where, according to an Associated Press recap, he pronounced that “the cyber threat from Iran has grown, and he declared that the Pentagon is prepared to take action if American is threatened by a computer-based assault.” Pannetta cited attacks against Gulf oil companies Saudi Aramco and RasGas believed to have been carried out by the Iranian government, but he never mentioned that U.S.-led cyber strikes against Iran already have happened.
But there was none of this talk on Monday night.
So in a year in which the floodgates opened thanks to Flame, Duqu and others, and comprehensive cyber security legislation almost passed in Congress, where it remains a key issue, one thing remains clear: Cyber still isn’t ready to hang with the big kids.