Cybersecurity reform urgent, panel warns

gettyimages 507473994 Stanford cybersecurity expert Herb Lin said America may be at a “tipping point” regarding the rewards and risks of the Internet, unless recommended new cybersecurity policies are adopted in the near future.

Stanford cybersecurity expert Herb Lin said America may be at a “tipping point” regarding the rewards and risks of the Internet, unless new cybersecurity policies are adopted by the incoming Trump Administration. He speaks Dec. 7 at Stanford on the issue.

The costs of using the Internet and computational devices due to inadequate security may soon outweigh the benefits unless dramatic cybersecurity measures are taken, a Stanford scholar said.

Herbert Lin, a senior research scholar for cyber policy and security at Stanford’s Center for International Security and Cooperation (CISAC), serves on the President’s Commission on Enhancing National Cybersecurity, which on Dec. 2 issued strong recommendations to upgrade the nation’s cybersecurity systems.

Lin will speak Dec. 7 at Stanford about the report – his talk will be featured live on video. The 100-page report aims to inform the incoming Trump Administration about how to approach escalating cybersecurity dangers. The effort follows significant hacking of U.S. government systems in and accusations by the White House that Russia interfered in the U.S. presidential election.

The commission suggested both short- and long-term measures, such as fixing problems from the weakly protected ‘internet-of-things’; creating an assistant to the president for cybersecurity; and re-organizing responsibility for the cybersecurity of federal agencies, among others.

The report also urged getting rid of traditional passwords, which could help reduce identity theft. It also advised that the new administration train 100,000 new cybersecurity workers by 2020.

A research fellow at the Hoover Institution, Lin was recently interviewed by CISAC about the report:

What is the reason to move the burden of cybersecurity away from the user to higher levels of companies, government?

Taking the necessary and appropriate measures for cybersecurity is, for practical purposes, too complex for average end-users. A successful effort to push cybersecurity measures farther from the user will result in better security because security decisions will be made by those who are security experts rather than users that are unfamiliar with security.

Why is the White House the best entity to lead cybersecurity efforts?

Enhancing national cybersecurity requires a whole-of-government effort, indeed a whole-of-society effort.  The task is making a meaningful dent in a problem that is so large. Only with high-level leadership does that effort have any chance of success.

Will the distrust of the U.S. government by the technology community in general hinder this approach to cybersecurity? How can the tech world's trust in the government on cybersecurity issues be improved?

Distrust harms both sides – the U.S. government and the technology community.  The U.S. government loses the ability to enlist the cooperation of the private sector, which has many capabilities that it does not have, capabilities that would be useful in fulfilling its responsibilities to the American people. The tech sector invites harsh legislation and suspicion that work against its interests. At the same time, the distrust is not entirely unfounded, as both sides have indulged in apocalyptic rhetoric that has raised the temperature of the debate without much productive result.  But what I’m saying here represents a personal perspective, and isn’t part of the commission’s report.

What happens if these recommendations are not enacted or adopted? What happens to the typical American computer user? In the long run, if we do little or nothing, how will this affect the Internet – as an economic driver or engine for the economy, place where people connect?

President Obama created the commission because he believed that cybersecurity was a high national priority, a sentiment with which both presidential candidates agreed. If the nation does too little to improve its cybersecurity posture, the gap between the security we have and the security we need will only grow because the cybersecurity threat we face is growing. And if that is the case, the costs of using the Internet and computational devices due to inadequate security will outweigh the benefits – indeed, there is evidence that we are near such a tipping point today. Even now, a large fraction of Americans are unwilling to use the Internet for certain purposes due to security concerns – and I can tell you that I personally refrain from conducting certain transactions online for just such reasons.

Any other issues?

One of the most surprising aspects of the report was the process that produced it.  The chair of the commission is known to be a Democrat. The vice-chair is known to be a Republican.  Other than that, you would be hard-pressed to identify the political affiliations of anyone else on the commission on the basis of what they said. So it was thoroughly a nonpartisan effort that produced the report.

Herb Lin will speak at 4:30 p.m. Wednesday, Dec. 7 in the NEC Auditorium, Gates Computer Science Building Room B3. More information and live video information is available at http://ee380.stanford.edu. The title of the talk is “Charting a Cybersecurity Path for the Next Administration: Report of the President's Commission on Enhancing National Cybersecurity.” In February, President Obama announced a Cybersecurity National Action Plan to take a series of short-term and long-term actions to improve our nation’s cybersecurity posture.  A central feature of that plan is the non-partisan Commission on Enhancing National Cybersecurity.

Follow CISAC on Twitter at @StanfordCISAC and on Facebook at www.facebook.com/StanfordCISAC.

MEDIA CONTACTS

Herbert Lin, Center for International Security and Cooperation: (650) 497-8600, herbert.s.lin@stanford.edu

Clifton B. Parker, Center for International Security and Cooperation: (650) 725-6488, cbparker@stanford.edu