A new strategy for cybersecurity: resilience

When we entrust our finances, personal information, and important parts of our identities to computers, protecting this information from malicious software and hackers should be no less important — perhaps more so — than protecting our physical property.

In December 2016, Jonathan Reiber, Senior Fellow at the Berkeley Center for Long-Term Cybersecurity, delivered a talk at FSI’s Center for International Security and Cooperation on this topic. Reiber, who worked at the Pentagon for six and a half years, presented attendees with a condensed summation of his expertise, laying out his vision for the future of cybersecurity. We are, he declared, at “a crossroads of two futures,” the first characterized by “pervasive, destructive attacks,” and the second, his preferred option, a future wherein “cultures of cybersecurity and resilience take root.”

Reiber established the stakes of the debate around cybersecurity with an outline of the major cyberattacks in recent history. These included the virus that attacked 30,000 Saudi Aramco workstations; the allegedly Russian-instigated hack of Ukraine’s power grid in 2015, which resulted in 225,000 people losing power for six hours; and the Bangladesh Central Bank heist this year, in which hackers stole $81 million. Such attacks are only likely to increase in scale and seriousness, Reiber warned, if we are not vigilant in securing our information.

Still, he struck an optimistic tone when discussing the possibilities for advancement in this area. He stressed that a coordinated effort to prevent cyberattacks must involve a robust partnership between the public and private sectors. When asked about the distrust that some in Silicon Valley have for the government — particularly in light of such cases as the treatment of Edward Snowden and the San Bernardino shooter’s iPhone — Reiber was confident that the government’s relationship with the IT sector is improving. Secretary of Defense Ashton Carter, he added, “has done a tremendous job building bridges with the private sector,” and he said he had faith that there are “patriots aplenty in Silicon Valley.”

The key prescriptive change that Reiber emphasized was a move away from the obsession with preventing cyberattacks and towards a focus on “resilience.” Given the inevitability of cyberattacks, he reasoned, we must plan for the worst and ask ourselves how we might adapt in the event of a cyberattack. For technology firms, that might involve backing up data every day. For private citizens, we might develop a kind of psychological resilience — Reiber implored that we “make time just to be human,” and remember to enjoy a world outside the one online.