So what’s Mitt Romney’s take on cyber security?

With the third and final presidential debate fast approaching, Killer Apps thought it would be a good idea to take a quick look at the candidates’ stances on cyber security.

While we haven’t heard much from either side on cyberwarfare or threats during the race for the White House, the Obama administration’s take on cyber security has become pretty clear in recent months. Mitt Romney has been pretty quiet on the matter, other than saying in this white paper that he will order an interagency review on the government’s approach to cyber security "prevent duplication, maximize information sharing, and bind together the disparate competencies of these agencies." He has also said he will look to update the Bush-era national cyber security strategy that was first drafted in 2003.

"Mitt Romney has promised to make cybersecurity a top priority early in his administration," said a campaign spokeswoman when Killer Apps asked if the candidate has more detailed plans than what was outlined in the white paper. "He will order the formulation of a national cybersecurity strategy, to deter and defend against the growing threats of militarized cyber-attacks, cyber-terrorism, and cyber-espionage. Once the strategy is formulated he will determine how best it can be implemented."

The White House has been pushing Congress to pass the Cyber Security Act of 2012, penned by Sens. Joe Lieberman (I-CT.) and Susan Collins (R-ME) that has been stalled since August. In the meantime, the White House is hustling to put together an executive order that would likely establish minimal cyber security standards for private companies involved in critical infrastructure and foster increased communication between those companies and the government about cyber threats.

The Pentagon has also become aggressive in lobbying the public about what it says is the threat of physically destructive cyber attacks and it has recently begun to discuss its offensive cyber capabilities in an effort to send a message to its allies and adversaries that the United States can and will fight back in the digital domain. And let’s not forget the alleged involvement of U.S. security assets in a number of cyber weapons and spy tools that have been unleashed in the Middle East during the Obama administration (though work on some of them began during the presidency of George W. Bush).

Bottom line, the Obama White House appears to be hinting at the notion of military cyber deterrence — anchored by the Pentagon’s offensive capabilities, but combined with its push to make its networks able to survive a full-on cyber attack from a country like Russia or China — all while  pushing the private sector to strengthen its online defenses.

Given the growing importance of cyber to U.S. national security, and the recent spate of cyber attacks against American critical infrastructure providers and Middle Eastern oil companies, "it seems very peculiar that presidential candidates are quiet on these issues," Jarno Limnell, director of cyber security at the IT security firm Stonesoft, told Killer Apps on Oct. 18. "I haven’t seen a lot from the Romney side but I have noted that he has criticized Obama for being overly reliant on defensive capabilities."

One indicator that may provide insight into what could become the key differences between Obama and Romney’s stances on cyber strategy is the two parties’ takes on recent cyber security legislation.

The White House insists that any cybersecurity legislation must contain provisions restricting what type of information is collected about private citizens and how that information may be used by the government (something that a Republican-sponsored cyber security bill in the House doesn’t contain to the same extent as the Senate bill). Senate Republicans — in a stance backed by business interests such as the U.S. Chamber of Commerce — stalled Lieberman and Collins’s bill, citing concerns that the minimal network security standards that it mandated for banks, utilities, transportation companies and other so called critical infrastructure providers, are burdensome and unnecessary  regulation.