Cybersecurity concerns focus of summit

cybersecurity summit Michael McFaul, second from the left and the executive director of the Freeman Spogli Institute, talks with other panelists at the Cyber Security Summit on Sept. 19. On the far left is Amy Zegart, co-director of CISAC, and in the middle is Michael Chertoff, former director of the U.S. Department of Homeland Security. On the far right is Vinh Nguyen, a national intelligence officer for the U.S. federal government, and to his left is Dmitri Alperovich, co-founder of CrowdStrike.

With each passing day, computer hacking against countries, organizations and people is forcing the subject of cybersecurity to the top of national security agendas.

An estimated 42.8 million cyber attacks will take place this year, according to experts. Scaling up to meet this challenge is why more than 140 people from science, politics, business and the military attended the fourth annual Cyber Security Summit at Stanford’s Center for International Security and Cooperation (CISAC) on Sept. 19-20.

The Munich Security Conference and Deutsche Telekom sponsored the event. CISAC is in the Freeman Spogli Institute for International Studies. Participants delved deep into issues associated with today’s online world, including how to balance privacy and civil liberties with the need for intelligence, for example. Discussions ranged on questions such as:

• What will the future of warfare look like – human soldiers or killer robots?

• How do we ensure that technological progress does not escape human control?

• What are the biggest challenges combatting the online activities of groups like the Islamic State?

• What are the possible cyberspace conflicts between the U.S., Russia and China?

• Are countries ready for cyber attacks against key infrastructure such as energy, water and utilities, or the U.S. election system, for example?

Electoral impact

In a talk on cyber attacks and the U.S. elections, panelists discussed how such electoral manipulation in the ongoing presidential campaign might happen, and what could be done about it. While it was noted that foreign adversaries could undermine the American public’s confidence in its election system, one expert pointed out that it’s unlikely to occur undetected on a widespread basis.

Credibility is now the battlefield, one panelist said. If hacking occurs, how will an election be validated? The track record shows that Russian has attempted to influence elections in Eastern Europe, so hacking into U.S. political entities is their way to sow doubt among voters.

The economic costs of cyber attacks – $400 to $500 billion a year was one participant’s estimate – and “cyberspace norms” were other issues explored. Countries and companies are grappling with the losses associated with these incursions, and with how – and who – should set the rules for the “digital game.”

On encryption, questions in one discussion revolved around how the public and private sectors can resolve such issues, how far data privacy could be compromised for effective intelligence work, and vice versa.

Online jihadism was another subject. The conference panelists talked about which tools are most effective in countering jihadist propaganda and recruitment on the Internet. Also, the need for Europe and the U.S. to work together on such fronts was mentioned.

CISAC and FSI participants included Amy Zegart, co-director of CISAC and senior fellow at the Hoover Institution; Michael McFaul, director of the Freeman Spogli Institute and senior fellow at the Hoover Institution; Martin Hellman, professor emeritus of electrical engineering; among others. Other attendees hailed from U.S. and European Union agencies and businesses, and local Silicon Valley companies.

Zegart said a collaborative spirit and drive for innovation characterizes Stanford. “In the past three years, we have built an exciting program dedicated to educating current and future cyber leaders, producing policy-driven knowledge, and convening leaders across sectors and borders,” she wrote in the program guide.

McFaul, in his opening statement, noted the origins of CISAC – it was created when there was a different technological concern – nuclear materials. Then, scientists and social scientists at CISAC got together to work on nuclear proliferation. Today, the threat is cyber attacks, and CISAC is confronting this challenge. He said the scariest briefing he had in his ambassador position at the U.S. Department of State was on cybersecurity.

For his discussion on terrorism, Hellman brought pages of pro-encryption quotes from government officials. He suggested end-to-end encryption was good for Americans.

Crossing borders

The Munich Security Conference is considered to be the most important informal meeting on security policy. Outside speakers included Michael Cherthoff, former secretary of Homeland Security; Jane Holl Lute, the under secretary general for the United Nations; and Christopher Painter, coordinator for cyber issues at the U.S. Department of State.

Wolfgang Ischinger, the chair of the Munich Security Conference, said at the press conference that, “cybersecurity has over the last few years evolved to be one of the most indispensable agenda items.”

The “quest for rules” in cyberspace, he noted, is overwhelmingly difficult and vitally important.

Thomas Kremer, board member for co-sponsor Deutsche Telekom AG, said, “cyber attacks don’t accept national borders.” Cybersecurity has become a global issue, he explained, with ramifications for countries, companies and everyday people.

He added, “Our chances to fight cyber crime are far better when we collaborate.”

Stanford and CISAC are at the forefront of the national discussion on cybersecurity. The university launched the Stanford Cyber Initiative; hosted President Obama’s cybersecurity summit and defense secretary Ashton Carter’s unveiling of a new U.S. cyber strategy; and CISAC and the Hoover Institution have teamed up in recent years for media roundtables and Congressional bootcamps on cybersecurity.

Finally, CISAC senior research scholar Joe Felter and other experts held Hacking for Defense & Diplomacy class for educators and sponsors on Sept. 7-9. (See the final class presentations here). In spring 2016, they held the first such class to train students in cybersecurity for defense purposes. Steve Blank, a consulting associate professor in the Stanford School of Engineering’s Department of Management Science and Engineering, helped develop the class. This fall, they will prototype a Hacking for Diplomacy course at Stanford.

Click here for the Munich Security Conference’s agenda for this event and a list of participants.