Ambassador Steven Pifer, BA ’76, a top expert in U.S.-European relations, arms control and security issues and retired State Department Foreign Service officer, has been named to a new senior position at Stanford University.

Starting in September 2018, Pifer will be a William J. Perry Fellow at Stanford's Freeman Spogli Institute for International Studies (FSI). At FSI, he will be affiliated with the Center for International Security and Cooperation (CISAC) and The Europe Center (TEC), where he will lead the European Security Initiative.

From 2008-2017, Pifer was a senior fellow in the Arms Control and Non-Proliferation Initiative, Center for 21st Century Security and Intelligence, and the Center on the United States and Europe at the Brookings Institution, where his work focused on nuclear arms control, Ukraine and Russia. At Brookings, he authored The Eagle and the Trident: U.S.-Ukraine Relations in Turbulent Times and co-authored The Opportunity: Next Steps in Reducing Nuclear Arms as well asnumerous papers, op-eds and articles.

A retired Foreign Service officer, his more than 25 years with the State Department included assignments as deputy assistant secretary of state in the Bureau of European and Eurasian Affairs (2001-2004), ambassador to Ukraine (1998-2000), and special assistant to the president and senior director for Russia, Ukraine and Eurasia on the National Security Council (1996-1997). In addition to Ukraine, Pifer served at the U.S. embassies in Warsaw, Moscow and London as well as with the U.S. delegation to the negotiation on intermediate-range nuclear forces in Geneva. From 2000 to 2001, he was a visiting scholar at Stanford’s Institute for International Studies.

Michael McFaul, director of FSI, said, “I am delighted to have Steve join our team. In addition to his scholarly and policy work on European security and nuclear arms control, we look forward to his teaching and training a new generation of leaders from Stanford University.”

“His expertise will be invaluable in developing the European Security Initiative,” said Anna Grzymala-Busse, incoming director and senior fellow in FSI’s Europe Center.

Scott Sagan, senior fellow at CISAC, said, “We are thrilled to welcome Steve back to Stanford, where his deep nuclear expertise and policy experience negotiating arms control agreements will serve as an immense asset to CISAC researchers, students and fellows.”

Pifer’s work at Stanford will include teaching in the CISAC Fellows’ Policy Workshop, and teaching a course on European security in the Master’s in International Policy program at FSI.

Pifer expressed his excitement, saying, “I am delighted to return to Stanford and honored to have the opportunity to join CISAC and FSI to support Stanford’s unparalleled research, teaching and policy work in international security.”

Colin H. Kahl will serve as co-director of the social sciences for Stanford’s Center for International Security and Cooperation (CISAC).

Kahl, a top international security expert and veteran White House advisor, is the Steven C. Házy Senior Fellow at Stanford’s Freeman Spogli Institute (FSI) for International Studies. He begins his new position on September 1, following Amy Zegart, the previous co-director for the social sciences. Rodney Ewing is the CISAC co-director for science and engineering.

Prior to Stanford, Kahl was an associate professor in the Security Studies Program at Georgetown University’s Edmund A. Walsh School of Foreign Service. From 2014 to 2017, he was deputy assistant to the U.S. president and national security advisor to the vice president. In that position, he served as a senior advisor to President Obama and Vice President Biden on all matters related to U.S. foreign policy and national security affairs, and represented the Office of the Vice President as a standing member of the National Security Council Deputies’ Committee.

Kahl’s research is focused on American grand strategy and a range of contemporary international security challenges, particularly digital and nuclear security, which are core CISAC research areas.  He also leads the Middle East Initiative at FSI. The Initiative seeks to improve understanding of how developments in the Middle East impact people in the region and security around the globe.

In the Winter Quarter, Kahl will teach a course, “Decision Making and U.S. Foreign Policy,” in the Ford Dorsey Master’s in International Policy program; he will also co-teach CISAC’s introductory class, “International Security in a Changing World.”

“For more than three decades, CISAC has been one of the nation’s premier centers for interdisciplinary research on international affairs,” Kahl said. “The Center has a long tradition of bringing together social scientists and hard scientists to conduct cutting edge, policy-relevant research on some of the most pressing security challenges we face,” Kahl said. “I look forward to working with Rod Ewing and my other CISAC colleagues to continue and expand upon this tradition of excellence.”

“Colin Kahl, who has both academic and extensive policy experience through his work in government and think tanks, will be a terrific co-director and asset to CISAC,” said Ewing.

“We are thrilled that Colin will be leading CISAC with Rod Ewing. Colin’s extensive experience in both theory and policy will enhance CISAC’s work in all areas,” said FSI Director and Senior Fellow Michael McFaul.

Kahl received his B.A. in political science from the University of Michigan (1993) and his Ph.D. in political science from Columbia University (2000).

MEDIA CONTACTS:

Colin H. Kahl, Center for International Security and Cooperation: ckahl@stanford.edu
Katy Gabel, Center for International Security and Cooperation: (650) 725-6488, kgabel@stanford.edu

The Freeman Spogli Institute for International Studies would like to extend the warmest best wishes to Senior Fellow and Raymond A. Spruance Professor of International History, David Holloway. After over 30 years as an expert in political science and history at Stanford University, Holloway will retire on September 1, 2018.

David Holloway was co-director of the Center for International Security and Cooperation (CISAC) from 1991 to 1997, and director of FSI from 1998 to 2003. His research focuses on the international history of nuclear weapons, science and technology in the Soviet Union, and the relationship between international history and international relations theory. He is best known for his book Stalin and the Bomb: The Soviet Union and Atomic Energy, 1939-1956 (Yale University Press, 1994) which was chosen by the New York Times Book Review as one of the best books of 1994. Holloway has also actively contributed to the Bulletin of the Atomic Scientists, Foreign Affairs, and other scholarly journals over the course of his career.

As a member of our institute, Holloway’s quiet warmth and kindness have always been infectious, both inside and outside of the classroom. The depth and insight of his work over the years, not to mention his dedication to FSI and the Stanford Community at large, has been an inspiration. He will be sorely missed. We all wish him the very best with this new chapter in his life and with the completion of his latest book, a complete global history of nuclear weapons, non-proliferation, and international politics, due to be published in 2019.

We caught him to hear his views on recent developments in U.S.-Russia relations one last time and to talk about his time at Stanford.

At the NATO summit, Trump claimed that Germany “is a captive of Russia.” Is there any foundation to this claim?

I don't think so. Trump made the statement in connection with the Nord Stream Oil Pipeline. A lot of people have criticized Germany for building this because it will increase German reliance on Russia. Critics believe that by sending oil through Germany, Russia will potentially have more freedom to interfere in Ukrainian territories. However, the German government has reassured the international community that they would help Ukraine if Russia does use the pipeline to push for recognition of the annexation of Crimea. In Germany’s defense, I think they feel that they have to have economic relations with Russia unless they are in a state of war or close to one – it is the only logical arrangement.

How do you think we can reconcile the disjunction between the U.S. president’s pro-Putin statements and position at the Helsinki press conference with the fact that his administration is implementing sanctions against Russia? 

The policies certainly look contradictory. Trump has not said anything critical about Putin (which is remarkable when he is quite willing to say critical things about everybody else), yet, as you say, his administration has imposed tough sanctions. Why is Trump so reluctant to support his own administration? And why is it that he wanted to meet Putin in the first place? We just don’t know.

On a related note, the Chinese claim that Trump is a very good tactician/strategist and that his behavior at the Helsinki summit was “Kissinger-in-reverse.” That is, it was intended to weaken Russia's ties to China by offering better ties with the U.S. and potentially with Western Europe. Thus, the Chinese see Trump’s performance not as a sign of incompetence and incoherence (as many do in the West), but as further evidence of his coherent strategy.

We often ascribe a malicious masterplan or intentional nefariousness to adversaries. For my part, while possible that the president has a master-plan, I think it is most likely that he does not. Trump has created a backlash against Russia in the U.S. which will make it even more difficult for U.S.-Russian relations to improve in years to come.

There have been a number of articles written about Trump’s push for increased allied investment in NATO; he started by pushing for all members to meet the 2 percent GDP investment quota, but then demanded that they invest 4 percent. Is demanding 4 percent feasible?

The truth is that every American president has pushed the European members of NATO to spend more on defense. Even Obama did it. However, Trump has done it much more openly and offensively. I think the push for 4 percent was more a case of showmanship; the stance he was taking was, “You're not even at 2 percent but you should really be at 4 percent!”

What is the impact of all of this?  I have certainly seen many Europeans turn around say that the E.U. cannot rely on the U.S. anymore. If we have a Trump administration for another six years and/or a U.S. administration in 2020 that takes a similar line, I think we could well see the end of NATO. 

The President’s remarks referred to the fact that only 9 of NATO’s 29 members have reached the 2 percent quota. Yet many NATO advocates are counter-arguing that many of the remaining 21 nations have significantly increased their defense spending. How would you weigh in?

I would agree with NATO advocates and add that the reason why expenditure got so low in the first place is that, after the end of the Cold War, Europe seemed peaceful. I think the 2014 annexation of Crimea by Russia somewhat changed this perception, and the parts of the continent most under threat are the Baltic States and Georgia. As a side note, we should also remember that NATO troops have fought and died in Iraq and Afghanistan alongside the U.S. It is not that they have been doing nothing.

The President claims he vastly improved U.S.-Russian relations at the Helsinki summit. Others, like FSI Director Michael McFaul, claim that the summit was further evidence that we are in an era of “Hot Peace” with Russia. What do you think?

Before I answer your question, I want to say that I think it is good to have Russian and American leaders talking to each other. These are the two largest nuclear powers; I think that there should be open communication on military issues and nuclear issues most particularly.

The world isn't at stake in the same way it was during the Cold War. Yet, there are still fears of military conflict, and we have a new phenomenon: election hacking. The question of Russian meddling in the last U.S. election is complicated by Trump's relationship with Russia. The press conference at Helsinki was so extraordinary, not least because, if Trump really wanted to open a dialogue with Russia, he greatly damaged his chances by virtue of his own behavior. If, instead, he had insisted that Putin did interfere—openly declared his trust in his own intelligence services—I do not believe that the Russians would have walked away. I believe they have an interest in having a dialogue with the United States.

Some political scientists argue that we are now in a new Cold War in Asia, namely with North Korea and/or a possible North Korean-Chinese alliance. Do you agree?

I think of the Cold War as having three elements. First, after World War II there was a geopolitical element: the USSR wanted to control Eastern Europe both for security reasons and for ideological reasons. Second: the U.S. and its West European allies were motivated to help spread principles of liberal democracy and market capitalism, the Soviet Union’s Communist Party wanted to rule via centralized government control and a centrally-planned economy. Third, we had a military element: the arms race and the build-up of huge military confrontations.

Based on these three elements, I'm inclined to see what's going on now more as a breakdown of the international system created after World War II and that the U.S. had dominated. America is not as powerful as it once was. First, Russia turned out not to be a great fit for the established international system, for a variety of reasons. Second, China has risen to become an economic powerhouse that seeks to extend its influence – not (primarily) by military means but through the “belt and road” initiative investment, by building infrastructure in surrounding states. There was always a difficult relationship between the U.S. and China, but nothing like what the U.S.-Soviet relation was at the height of the Cold War.

With everything that has happened in the last few years, which event is going to prove a truly pivotal point for contemporary history when we look back in 20 or 30 years' time?

I think that the ten-day trip that Trump took to Europe was pivotal. The attacks on NATO, not to mention the way he treated Britain (Theresa May in particular), and what we know about his conduct during his meeting with Putin… I think we may look back on that week as a pivotal moment in the breakup of the transatlantic relationship. I don't know what it portends for U.S.-Russian relations, but I think it has made those relations much worse.

Let’s talk about your career here at Stanford. What brought you to FSI originally?

I had an invitation to come for a visit of three years. I was teaching in Edinburgh at the time, and I got a letter from Condi Rice, who was the assistant director of CISAC back then. After the three years, I decided I wasn’t going back. What was so attractive about FSI was the people. I know it may sound rather cliché, but there was such a great sense of possibility about the place. If you had an idea, instead of hearing people say, “Oh, we've never done it that way,” people would say, “Oh, yeah, let's see if we can help you do that!”

What is your fondest memory from your time at Stanford?

That's very difficult. I think one of my best memories is when Gorbachev came to speak at Stanford back in 1990. He gave a speech in the Stanford Memorial Auditorium, and the place was packed; it was at the height of Gorbo-mania. In the course of the speech he thanked some of us at FSI for helping to bring about the improvement in US-Soviet relations…Bill Perry, Pief Panofsky, Sid Drell, and myself. And that was – that's a pleasant moment to remember.

What advice would you give an undergrad starting at Stanford?  And what advice would you give a graduate student hoping to have a career in political science, history, or policy?

To the undergrad, my advice is rather obvious: at Stanford, you have this chance to look around and to try different things, new subjects and programs. Take full advantage of that!

To graduate students: I think most assume that when you choose to be a graduate student, you're choosing to be a specialist in a discipline. That’s true! Yet, at the same time, it is also very important to look around and see what there is outside your discipline, to learn how to communicate with people, particularly ones with other interests and in other fields.

We talk a lot about interdisciplinary work. But truly interdisciplinary work is very difficult. When I came to Stanford, I thought it fantastic that FSI had specialists in such diverse fields all in one place. At the time we had John Lewis who was a China specialist. Sid Drell was a physicist with a lot of experience working on national security issues. Phil Farley spent a long time in the State Department working on arms control issues. I learned a lot from Sid Drell; I wasn't doing physics, but we wrote something together. That kind of possibility and opportunity was incredible. I continued to love this about Stanford over the past 30 years, and I've been very grateful for all of these opportunities. 

As a last thought, I remember a conversation I had with John Hennessy when he was Dean of Engineering, and I was director of FSI. I remember telling him that, much to my surprise, a lot of our best supporters were (and continue to be) engineers. He said, “That’s obvious! No engineer thinks that his discipline alone can solve a problem. You have to work with other people when you're doing something!”

Then he said, “Engineers are also not averse to trying to raise money!” [laughter]

With so much circulating about the Helsinki summit on social media and in the press, we asked one of our resident Russian experts and historians at CISAC, Prof DAVID HOLLOWAY, for his 60 second quick take-aways on the Trump-Putin meeting of July 16th.

Quick-Take: Helsinki 2018 with David Holloway 

Q:What specific results/agreements have come out of the meeting?

A: That’s not clear.  We have only the press conference to go on.  Putin mentioned a number of areas in which working groups might be reestablished.  Trump mentioned that the NSC would follow up with the Russians on issues addressed in the meeting.  Those included arms control, the humanitarian in Syria, and counterterrorism.  Cooperation in those areas could be beneficial. 

Q: Trump mentioned that the meeting marked a “fundamental change” in US-Russian relations.  Is that true?

A: First, we don’t know what specific agreements – if any – have been concluded.  A broader dialogue between the two governments appears to be likely, and there are some areas in which agreement could be reached quickly – extension of New START, for example.  But reconstituting working groups is no guarantee that agreements can be reached.

Second, the tone of the press conference was extraordinary.  Trump’s earlier tweet that the US was to blame for the worsening of US-Russian relations set the tone.  Putin showed much greater command of the issues than Trump, which was to be expected.  Trump seemed obsessed by US domestic politics and his own political position, which was not a surprise.  Trump’s unwillingness to back his own intelligence agencies on the issue of Russian interference in the 2016 election was perhaps predictable, but nonetheless remarkable in the context of a meeting with Putin.

Third, taken together with the NATO summit last week, the meeting with Putin may come to look like a turning-point in US foreign policy, overturning – or at least greatly weakening – a long-standing alliance and creating dangerous uncertainty in European security relations.

About David Holloway:

DAVID HOLLOWAY is the Raymond A. Spruance Professor of International History, a professor of political science, and an FSI senior fellow. 

His research focuses on the international history of nuclear weapons, on science and technology in the Soviet Union, and on the relationship between international history and international relations theory.

Want to hear more from our experts?

FSI Director, MICHAEL MCFAUL, has been reporting live on the Trump-Putin summit from Helsinki. For access to his interviews with NBC News and MSNBC in the lead up to and the aftermath of the July 16th meeting, click here. To hear his post-Summit interview with NPR News, click here. 

In her latest article for The Atlantic , 'The Self-Inflicted Demise of American Power', CISAC co-Director AMY ZEGART argues that Trump’s foreign-policy doctrine can be summed up as “Make America Weak Again.” For the full article click here.

FSI's Deputy Director, KATHRYN STONER weighs in on the Helsinki summit and how disheartening it is to our own president reject the findings of our own Justice Department and Intelligence Agencies to defend Putin and blame everything on Hillary Clinton and her email servers. Listen to the episode of Background Briefing with Ian Masters click here. 

Discover More:

Check out the Russia Research page on our website for all articles and interviews about US-Russian relations with FSI faculty and visiting scholars.

On May 30, Congressional Representative Steve Russell spoke to Stanford students enrolled in Technology and Security (MS&E 193/293) about the role of Congress in national security. 

The Freeman Spogli Institute for International Studies at Stanford University is very pleased to announce that Lieutenant General H.R. McMaster, US Army (Ret.), has been appointed the Bernard and Susan Liautaud Visiting Fellow at FSI effective September 1, 2018. 

McMaster will also hold the Fouad and Michelle Ajami Senior Fellowship at the Hoover Institution at Stanford University, and serve as a lecturer at the Stanford Graduate School of Business in management.

“H.R. McMaster is a soldier-scholar who has seen war from every angle -- on the hot battlefield and through the cold judgment of history. Few officers ever serve their country in the highest levels of government. Fewer still have done so while getting a Ph.D. and writing an influential book about civil-military relations,” says Amy Zegart, a senior fellow and co-director of the Center for International Security and Cooperation at FSI. “He will bring a deep well of expertise and experience to the Hoover and Stanford communities. We are thrilled to be welcoming him back to the Farm.”

H.R. McMaster served in the United States Army for 34 years before his recent retirement in June 2018. Until recently, he also was the 26th Assistant to the President for National Security Affairs.

Alongside his military career, he earned a Ph.D. in American history at the University of North Carolina at Chapel Hill in 1996. He has published essays, articles, and book reviews on history, the future of warfare, and leadership in numerous publications including, but not limited to, Foreign Affairs, the Wall Street Journal, and the New York Times. 

His seminal work is his book Dereliction of Duty: Lyndon Johnson, Robert McNamara, the Joint Chiefs of Staff and the Lies that Led to Vietnam, published in 1997 and subsequently a New York Times bestseller.

In recent years he has been voted one of TIME magazine’s “100 Most Influential People in the World” and Fortune’s “50 World’s Greatest Leaders”.

“I am delighted to welcome H.R. McMaster back to the Stanford community,” says FSI director Michael McFaul. “In addition to his insights regarding national security strategy for the academic and policy worlds, we look forward to his contributions to the education and training of future foreign policy leaders from Stanford University.”

Paul N. Edwards of CISAC has been appointed as a lead author for the Sixth Assessment Report of the Intergovernmental Panel on Climate Change (IPCC). The IPCC is the scientific organization supporting the United Nations Framework Convention on Climate Change (UNFCCC).  Organized by the United Nations and the World Meteorological Organization, the IPCC’s reports provide the scientific underpinnings for the international climate negotiations that led to the 1997 Kyoto Protocol and the 2015 Paris Agreement on climate change.

The IPCC reviews the state of the science of climate change every 5-7 years. Its Sixth Assessment Report—to which Edwards will contribute--will be completed in 2021. Edwards will serve as lead author for four years to develop, review, and complete the assessment.

Through his appointment, Edwards becomes the first social scientist to serve as a lead author in Working Group 1, which assesses the physical science of climate change. The other two working groups deal with impacts, adaptation, and vulnerability (Working Group 2) and mitigation of climate change (Working Group 3).  Edwards will travel to Guangzhou, China, next week for the first meeting of lead author—a trip for which he has purchased carbon offsets.

Paul N. Edwards is William J. Perry Fellow in International Security and Senior Research Scholar at CISAC, as well as Professor of Information and History at the University of Michigan. At Stanford, his teaching includes courses in the Ford Dorsey Program in International Policy Studies and the Program in Science, Technology & Society. His research focuses on the history, politics, and culture of knowledge and information infrastructures. He focuses especially on environmental security, including climate change, Anthropocene risks, and nuclear winter.

Edwards’s book A Vast Machine: Computer Models, Climate Data, and the Politics of Global Warming (MIT Press, 2010), a history of the meteorological information infrastructure, received the Computer Museum History Prize from the Society for the History of Technology, the Louis J. Battan Award from the American Meteorological Society, and other prizes. The Economist magazine named A Vast Machine a Book of the Year in 2010. Edwards’s book The Closed World: Computers and the Politics of Discourse in Cold War America (MIT Press, 1996) — a study of the mutual shaping of computers, military strategy, and the cognitive sciences from 1945-1990 — won honorable mention for the Rachel Carson Prize of the Society for Social Studies of Science. Edwards is also co-editor of Changing the Atmosphere: Expert Knowledge and Environmental Governance (MIT Press, 2001) and Changing Life: Genomes, Ecologies, Bodies, Commodities (University of Minnesota Press, 1997), as well as numerous articles.

Introducing Cyberspectives, a new podcast analyzing the cyber issues of today with host John Villasenor.

In the inaugural episode, guest Andrew Grotto provides analysis on a broad range of cyber issues, including questions regarding areas of cyber most in need of national level attention, aspects of cyber that are underappreciated, emerging opportunities in the commercial cybersecurity sector, and how the academic community can best contribute to the cyber policy dialog.

About the guest:

Andrew Grotto is a William J. Perry International Security Fellow at the Center for International Security and Cooperation and a Research Fellow at the Hoover Institution, both at Stanford University. Before coming to Stanford, Grotto was the Senior Director for Cybersecurity Policy at the White House in both the Obama and Trump Administrations. Prior to that, he was Senior Advisor for Technology Policy to Commerce Secretary Penny Pritzker.

KEY EXCERPTS FROM THE ANDY GROTTO INTERVIEW

(the text below has been condensed and edited for clarity)  


John Villasenor:  
Is there anything less obvious that you'd say about aspects of cyber that you think are particularly deserving of national level attention—other than the obvious such as protecting critical infrastructure?

Andy Grotto:  
To me, one issue that really jumps out at me based on my experience, is I think there's a lot of open questions around the appropriate allocation of responsibility between the government and the private sector for defending against cybersecurity threats, and so I'll use an analogy from the physical world: we would never expect in a million years the operator of a power plant to defend a plant against a North Korean ballistic missile. That mission is squarely the government's job.

And, the cyber analog to that, though, is a little tricky because if North Korea conducted a highly sophisticated cyberattack against a plant, we might say, “Okay, yeah, maybe it's unreasonable for the plant to be able to defend against that kind of sophisticated attack.” But, what if it was just a criminal group, a domestic criminal operator who happened to come up with a sophisticated attack? Does it matter that the identity of the perpetrator was a nation state vs. some ambitious vandal?

And then, on the opposite end of the spectrum, if North Korea were to send in a lone agent to break into the power plant and sabotage it, and the sabotage caused catastrophic power outages and damages to the economy and loss of life, obviously, that's still a national security matter for the government to devote resources to both preventing and remedying, but we would also have a lot of questions about whether or not the power plant operator did its job. We would want to know, "Okay, so did you have perimeter security? Did you lock the front door? Why was your security vulnerable to such a single point of failure?"

So there's a blended responsibility. And, I don't think that that line is clear in the cyber context because a nation state adversary could use a relatively low-end, even unsophisticated attack to conduct an attack with national security implications, partly owing to the fact that it was a nation state that did it. In that case, it's a national security issue.

John Villasenor:  
So you're saying that this sort of allocation, it's easy to come up with the extreme ends of the spectrum. But, most of the stuff that we actually encounter in terms of cyber challenges is going to be somewhere in the less clear middle ground, and you're saying that allocation of responsibility is hard, and I think that's a terrific point. The other thing I wanted to briefly reflect on is: You made a really important comment. You stated, correctly, of course, it's clear that there's a lot of energy spent responding to crises, cyber crisis of one form or the other. My question in response to that observation is, is that also a risk? It's a risk in any domain, but is it a particular risk in this domain that our energies understandably get directed towards solving crises, but in doing that, we then fail to sort of take a step back and look at the big picture and take some of the steps that could make some of these crises not happen in the first place?

Andy Grotto:  
Yeah, it is a challenge, and I think if I could pick a point of optimism here: it's that part of the reason why, I hope, why crises consumed so much bandwidth during my time in government is because oftentimes these crises presented matters of first impression for decision makers, especially the time when the broader cyber mission space was evolving within and across different agencies of the government. It meant that getting decisions made on cyber questions just took a lot more time, energy and resources than they might take in other domains.

So, my point of optimism is that as the government develops some muscle memory around how to deal with policy challenges in the cyber context, those decision costs will start to come down. They may still be high relative to other domains, but they hopefully won't be quite as high as I thought they were, at least, during my time.

John Villasenor:   
Are there any areas of cyber that you think are particularly underappreciated, in other words, that aren't getting the attention they deserve in light of their potential importance?

Andy Grotto:  
I mentioned the allocation of responsibility question for critical infrastructure. That's one. I'll offer two additional ones. The first is a lack of really reliable data around the cost of cyber incidents. There are various studies out there on what a data breach costs. What we're seeing more and more is scholars and statisticians pulling some pretty divergent conclusions from this data, which says something about the data.

So, I think that's an area where I would like to see a lot more scholarly attention and focus by industry and government, because I think if we can generate better data about the cost of cyber incidents, it will help enterprises across the country manage their risk more effectively, and then potentially even create a more vibrant insurance market.

And then the other area that [needs] more attention is sort of what I call third-country issues and offensive cyber operations. In a cyber context, that identity relationship between the physical location of the adversary and the target, as it were, the physical target, isn't in place, so, an adversary may be in country A operating malicious cyber infrastructure in country B, and so, an operation against that adversary in country A may actually have to take place in country B, which may or may not have anything to do with whatever conflict the US government or pick-your-government has with country A. So, that was a third country in the mix that creates, I think, some challenging policy and legal questions.

John Villasenor:           
And I would assume that's not only the exception. That's likely, more often than not, going to be the case, right? If you're an attacker, the last thing you want to do is, you know, make it obvious where the attack's coming from, so I would assume one of the first things you're going to do is to try to launch it from somewhere that at least tries to mask your identity, right?

Andy Grotto:                
Right, and one of the unfortunate twists here is that our adversaries are also very familiar with US surveillance law and constitutional protections here domestically, so what adversaries will do is they will purposefully compromise infrastructure in the United States and use that infrastructure as part of their attack infrastructure because they know that, in a way, in a practical matter, it's harder for the US government to operate domestically against a national security threat such as that than it is if that same infrastructure were in a third country, because we would need probably cause and satisfy legal requirements that just aren't the same if we're operating overseas.

John Villasenor:           
Let me ask another question, and this is the one where anybody who's a venture capitalist should be particularly interested in your answer here, or a startup company: Obviously, there's an enormous commercial sector devoted towards cyber solutions of all shapes and sizes. The question is, while that's a large sector, it's less clear that it's covering all the bases. Are there any obvious gaps in the types of solutions you see reflected in today's commercial offerings? If you were going to leave the academic/policy world and start a cybersecurity company, is there a particular sector of cybersecurity that you think is ripe for better solutions commercially?

Andy Grotto:  
I think any technology that can do what a human does in cybersecurity more efficiently and more effectively has huge potential because time and time again, the critical shortage in enterprise, whether it's the federal government or in private companies, is human capital, the need for people to do IT and solutions that can perform, can automate these tasks, I think, have huge potential in the future. I think IoT cybersecurity is, I think, a massive opportunity, how to both build efficient solutions into products, but also how to retrofit products that have bad security with more effective security. I think that's a huge market.

John Villasenor:   
For people in the academic community, on the cyber policy side, again, putting the obvious aside: is there anything that you see as a particularly ripe avenue for people in the academic policy world to contribute to help move the dialog forward on cyber issues?

Andy Grotto:  
Yeah, so on the sort of policy side specifically, I would say, one area is data on cost of incidents, on the behavior of enterprises in the face of uncertainty around cyber risk. I think there's a huge need and opportunity for doctoral students looking for dissertations to delve into some of these empirical questions about measurement and whatnot.

I would love to see more psychologists in the cybersecurity business. If you look at studies of how adversaries break into enterprises and organizations, they're almost, for the most part, exploiting human weaknesses. There's this spearfishing, right, that, things like that, and getting a better handle on how to make people, whether they're IT professionals or just users of IT, you know, either less vulnerable or effective at fending off attacks, I think there's a huge need and maybe some fascinating questions of psychology there.

And then, I think, a need for management scientists, organizational scientists, to start to unpack how businesses and governments and businesses both within sectors and across sectors can collaborate on common challenges and better characterizing, “What can we learn from history about the ability of like-minded or similarly-situated institutions to tackle complex management” because managing cybersecurity risks is ultimately a management challenge for enterprise, tackling a complicated management challenge like cybersecurity.