Exploring cybersecurity, Capitol Hill-style

dsc 4824a Sean Kanuck, center, an affiliate with CISAC who served as the U.S.’ first national intelligence officer for cyber issues from 2011 to 2016, talked about reframing cybersecurity problems in his keynote address to the Stanford Congressional Cyber Boot Camp.

As cyber attacks escalate in magnitude – reflected in the 2016 Russian meddling in the U.S. election and the 2014 Sony Pictures hacking – the red alert has gone out to Washington D.C. to confront the issue.

At Stanford, Capitol Hill staffers are doing just that, thanks to the Congressional Cyber Boot Camp that takes place Aug. 14-16. The third installment of its kind since 2014, the workshop offered panel discussions, role-playing exercises, informational sessions, and networking opportunities -- all aimed at getting Congress on top of a fast-accelerating issue that has ramifications throughout the American domain.

This year’s event involved almost three dozen staffers hailing from U.S. Senate and House member offices and committees such as the U.S. Senate Select Committee on Intelligence, Homeland Security, Appropriations, Judiciary, Energy and Commerce. Top cyber and policy experts addressed them about some of the thorniest issues emerging in cyber realms -- and what it means for this country's political leadership and citizenry.

The boot camp was held at the Hoover Institution, a co-sponsor along with Stanford’s Center for International Security and Cooperation, the Freeman Spogli Institute for International Relations, the Stanford Cyber Initiative, and the Stuart Family Congressional Fellowship Program.

CISAC co-director Amy Zegart said, "The Congressional Cyber Boot Camp is our signature event because we’re connecting the worlds of public policy and cybersecurity in ways that help advance national security." Zegart, also the Davies Family Senior Fellow at Hoover, was a co-convener of the boot camp along with Herbert Lin, a CISAC  and Hoover senior fellow, and widely-known cybersecurity expert.

Zegart said the boot camp has grown so popular that a waiting list now exists. And, she points to policy impacts after just three years. For example, a legal counsel to U.S. Sen. John McCain, the chair of the Senate Armed Services Committee, attended a prior boot camp, which resulted in McCain visiting and reaching out to CISAC and the Hoover on cybersecurity issues over the past few years. A lot of those discussions are confidential, but that input had its roots in the boot camp and Stanford experts gather there.

“We created the cyber boot camp precisely because many Congressional staffers had told us this was the type of help they needed,” Zegart said.

In her introductory remarks to the group, Zegart said, “If we can help you, you can help our country.” The boot camp would be focused on, she said, encouraging “new knowledge” and building “new networks of people” in the field of cybersecurity.

Sean Kanuck, an affiliate with CISAC who served as the U.S.’ first national intelligence officer for cyber issues from 2011 to 2016, talked about reframing cybersecurity problems in his keynote address to the Stanford Congressional Cyber Boot Camp.

Exercises, networking

As Zegart said, cybersecurity is an urgent issue for policy makers like those at the boot camp, and last year’s presidential election and major hacking of corporations and security organizations attest to the increasing importance that Washington D.C. now places on it. Preparation is considered critical.

And so, this year’s camp included a simulation exercise with Congressional staffers assuming the roles of executives at a large, fictitious company (“Frizzle”) that is under a major cyberattack.

Each boot camp gets a new round of fresh Congressional faces. Last year, the Los Angeles Times published a story on the boot camp and all of the questions and issues that arose in such a scenario. For example, when should customers or authorities be informed, and what about retaliation? For most, cyber is a brave new world – and expert advice is appreciated – something that Stanford’s boot camp offers.

Evolving security threat

Cyber experts point out that nations are increasingly dependent on information and information technology for societal functions. This makes ensuring the security of information and information technology — against a broad spectrum of hackers, criminals, terrorists, and state actors – a top priority for any country. And it seems like every day, something new is introduced.

“Cybersecurity challenges are evolving at a rapid pace, and the cyber threat the nation faces today will be different from the one it faces tomorrow,” Zegart and Lin wrote in the workshop’s agenda.

Cybersecurity is not merely a technical matter, but a “multi-faceted enterprise” that requires drawing on computer science, economics, law, political science, psychology, and other disciplines, they noted.

The idea behind the boot camp is to help congressional staffers – those writing the nation’s policies on cybersecurity – use “multiple perspectives and disciplines” as they analyze and act on cybersecurity issues.

“The Stanford Cyber Boot Camp endeavors to give congressional staffers a conceptual framework to understand the threat environment of today and how it might evolve so that they are better able to anticipate and manage the problems of tomorrow,” Zegart and Lin said.

That seems to be happening on Capitol Hill, where staffers now know who to call for cyber advice.

Lin said he routinely receives calls from Congressional staffers who are alumni of the boot camp – they are seeking his feedback and guidance on cyber policy or legislation. Of course, those discussions are not for public disclosure, given the sensitivity. Lin was also asked to testify twice before Congress on cyber issues, and he was chosen by the Obama Administration to serve on the President’s Commission on Enhancing National Cybersecurity. He attests that the boot camp opened up the door for him being invited to that commission.

In December 2016, the White House cyber commission, with the help of experts like Lin, issued strong recommendations to upgrade the nation’s cybersecurity systems.

That’s the kind of policy impact the cyber boot camp seeks.

Topics and speakers

Themes covered at this week’s cyber camp:

• the role of offensive operations in cyberspace for improving the nation’s cybersecurity;

• why cyber defense is more difficult than offense;

• the role of market forces in enhancing or weakening cybersecurity;

• automotive cyber security; problems in applying existing law to accelerating technology;

• the economic, psychological, and organizational factors involved in cybersecurity;

• and the fundamental principles of cybersecurity.

Scheduled speakers included:

Condoleezza Rice, senior fellow at the Hoover Institution and former U.S. Secretary of State and National Security Advisor.

Michael McFaul, director and senior fellow at both FSI and the Hoover Institution.

• Marc Andreessen, co-founder and general partner of Andreessen Horowitz.

Toomas Hendrik Ilves, the former president of Estonia; and distinguished visiting fellow this past year at CISAC, Hoover, and FSI.

• Andy Grotto, CISAC fellow, Hoover research fellow, and former senior director for cybersecurity policy at the National Security Council.

• Joel Peterson, chairman of JetBlue Airways; professor at Stanford Graduate School of Business; and chairman at the Hoover Institution Board of Overseers.

The group also will take a walking tour of the Hoover Institution’s Library and Archives and a trip to the Tesla factory in Fremont.

Prior coverage of boot camps:

Stanford News story on 2014 event

CISAC story on 2014 event

CISAC video of 2014 event

Stanford News story on 2015 event

Hoover story on 2016 media boot camp

MEDIA CONTACT:

Clifton B. Parker, Center for International Security and Cooperation: (650) 725-6488, cbparker@stanford.edu