Can Information Security Survive?
-
Almost every company is asking the question of survivability – how to balance business needs and growth, while meeting regulatory compliance and mitigating security risks? This question is facing organizations of all sizes, and for some the answer is changing the mission and scope of their IT security initiatives. In this session, Malcolm will discuss Intel’s approach to managing risk with its new “Protect to Enable” information security strategy.
Malcolm Harkins is vice president of the Information Technology Group and chief information security officer (CISO) and general manager of Information Risk and Security. The group is responsible for managing the risk, controls, privacy, security and other related compliance activities for all of Intel Corporation's information assets.
Before becoming Intel's first CISO, Harkins held roles in Finance, Procurement and Operations. He has managed efforts encompassing IT benchmarking and Sarbanes Oxley systems compliance. Joining Intel in 1992, Harkins previously held positions as the profit and loss manager for the Flash Products Group; general manager of Enterprise Capabilities, responsible for the delivery and support of Intel's finance and HR systems; and in an Intel business venture focusing on e-commerce hosting. Harkins previously taught at the CIO institute at the UCLA Anderson School of Business and was an adjunct faculty member at Susquehanna University in Pennsylvania. He received the 'Excellence in the Field of Security' award from the RSA conference as well as an Intel Achievement Award. Harkins received his bachelor's degree in economics from the University of California at Irvine and an MBA in finance and accounting from the University of California at Davis.
CISAC Conference Room
Malcolm Harkins
Vice President, Information Technology Group; Chief Information Security Officer; General Manager, Information Risk and Security
Speaker
Intel Corporation
Seminars
The Uses and Limitations of Forensic DNA Typing
-
The tools of molecular biology have augmented forensic biological analyses and contributed to solving crimes, developing investigative leads, and exonerating the innocent. The methods are exquisitely sensitive and highly resolving. Success stories abound and are reported almost daily in the media. Indeed, forensic DNA typing is the gold standard of the forensic science disciplines. Although the methods and interpretations generally are reliable, there are some limitations that scientists, stakeholders, decision makers, and the public may not appreciate. This presentation will provide insight into the applications extolling their value and discussing the problems that need to be overcome or avoided.
About the speaker: Bruce Budowle, PhD, director of the UNT Health Science Center's Institute of Investigative Genetics and vice chair of the Department of Forensic and Investigative Genetics, has been named a Health Care Hero by Dallas Business Journal. He joined the Health Science Center in 2009, bringing renowned expertise in the areas of counterterrorism, primarily in identification of victims from mass disasters and microbial forensics.
Prior to joining the Health Science Center, Budowle spent 40 years as a senior scientist for the Federal Bureau of Investigation (FBI) in Washington, D.C. He was a principal advisor in efforts to identify victims from the World Trade Center attack in 2001 and helped establish a mitochondrial DNA sequencing program to enable high-throughput sequencing of human remains.
Budowle's commitment to helping families resolve missing persons cases led him to Fort Worth after a lifetime in the Virginia/Washington, D.C., area in order to collaborate with Health Science Center researchers and advance the knowledge and use of forensics and DNA to improve health and safety of the world's population. Budowle has also been instrumental in establishing the DNA-ProKids initiative to identify missing children on an international scale.
Reuben W. Hills Conference Room
Bruce Budowle
Director
Speaker
University of North Texas Health Science Center Institute of Investigative Genetics
Seminars
U.S. - India: Doing Business Together
-
Information is available on the World Affairs Council of Houston website.
Anja Manuel
0
anja@rhgm.com
Affiliate
Former diplomat, author, and advisor on foreign policy, Anja Manuel is Co-Founder and Principal along with former Secretary of State Condoleezza Rice, former National Security Advisor Stephen Hadley, and former Secretary of Defense Robert Gates, in Rice, Hadley, Gates & Manuel LLC, a strategic consulting firm that helps US companies navigate international markets.
Anja is the author of the critically acclaimed This Brave New World: India, China, and the United States, published by Simon and Schuster in 2016, and numerous articles and papers.
She is the Executive Director of the Aspen Strategy Group and Aspen Security Forum, a premier bipartisan forum on foreign policy in the United States.
From 2005 to 2007, she served as an official at the U.S. Department of State, as Special Assistant to the Undersecretary for Political Affairs Nicholas Burns, responsible for Asia policy.
Earlier in her career, Anja was an attorney at WilmerHale, working on Supreme Court and international cases and representing clients before the US Congress, Supreme Court, Department of Justice, Department of Defense, and the SEC. She began her career as an investment banker at Salomon Brothers in London.
A cum laude graduate of Harvard Law School and Stanford University, Anja also lectured and was a research affiliate at Stanford University from 2009 to 2019, teaching courses on US Foreign Policy in Asia and Technology Policy.
Anja is a frequent speaker on foreign policy and technology policy, is a commentator for TV and radio (NBC/MSNBC, Bloomberg News, Fox Business, BBC, NPR, etc.), and writes for publications ranging from the Washington Post, New York Times, Financial Times, Foreign Affairs, The Atlantic, Fortune, and Newsweek, among others.
Anja currently serves on the corporate boards of Ripple Labs Inc. and Hims & Hers Health, Inc., is a member of the Council on Foreign Relations, and is a Member of the Defense Policy Board for the U.S. Department of Defense.
She has also served on advisory boards of CARE.org, Center for a New American Security, Flexport Inc., Synapse Inc., and the boards of the Overseas Shipholding Group, Inc., National Committee on US-China Relations, American Ditchley Foundation, and formerly Governor Brown’s California Export Council.
Anja lives in San Francisco with her husband and two children.
Hide publication sections
Off
Soma Somasundaram
Executive Vice President, Dover Fluid Management
Speaker
Lectures
Nuclear Reactor Technology Transfers: A Review of Experiences in the Republic of Korea and China
-
There are currently 60 nuclear reactors under construction worldwide with nearly half of these projects being built in China. There is no doubt that East Asia is emerging as a leader in the international nuclear community where China and the Republic of Korea (ROK) are playing major roles as a result of their aggressive new plant build programs. Both China and South Korea present very interesting case studies where the former is rapidly building up domestic expertise in nuclear construction while the latter has gone one step further in capitalizing successfully on a nuclear export business. Both countries have relied heavily on external commercial support in building up this expertise. In the case of South Korea, the “Koreanization” of nuclear power took place in the 1980’s and 1990’s, first with a large number of Western builds and ultimately a complete indigenization of pressurized water reactor technology through a technology transfer with Combustion Engineering. The Chinese domestic nuclear program has been largely influenced by Western vendors as well; however, there has been significantly less emphasis on exporting the technology up to now as they master the imported technologies for their domestic program. The recent AP1000 technology transfer between Westinghouse Electric Company and China has opened up unique transnational learning opportunities between the United States and China where the lessons learned building the first AP1000 plants in China will be shared with the two U.S. utilities now embarking on new plant construction at the Vogtle and V.C. Summer sites, in Georgia and South Carolina, respectively. This talk will review both the historical experiences of exporting nuclear technology to the ROK and China, as well as the progress being made by these countries in absorbing the technology. Further, the AP1000 passive plant technology will be summarized as an example of the general trend for future designs in response to the reactor accidents at Fukushima Dai-ichi in March 2011. Finally, the advanced construction techniques being used to build AP1000 plants in both the U.S. and China will be highlighted along with their benefits in delivering new plants on schedule.
About the speaker: Dr Matzie is the former Senior Vice President and Chief Technology Officer for Westinghouse Electric Company and was responsible for all Westinghouse research and development undertakings and advanced nuclear plant development. He is also on the Board of PBMR Pty Ltd. and Chairman of the Board Technical Committee. In that role, he assures proper oversight of the design, safety, licensing, research and development, and quality aspects of the PBMR enterprise.
Previously, Dr Matzie was responsible for the development, licensing, detailed engineering, project management, and component manufacturing of new Westinghouse light water reactors and was also the Executive in charge of Westinghouse replacement steam generator projects and dry spent-fuel-canister fabrication projects. He became a Senior Vice President in 2000, when Westinghouse purchased the nuclear businesses of ABB. His career has been devoted primarily to the development of advanced nuclear systems and advanced fuel cycles, and he is the author of more than 120 technical papers and reports on these subjects.
CISAC Conference Room
Regis Matzie
Chief Technology Officer (Former)
Speaker
Westinghouse Electric Corporation
Seminars
Terror Queues and the Duration of Terror Plots
-
About the topic: What could queueing theory, the science of customer flows and delays in service systems, possibly offer towards understanding and countering terrorism? In terror queue models, newly hatched terror plots correspond to newly arriving customers, the number of ongoing terror plots corresponds to the queue of customers waiting to receive service, undercover agents or informants correspond to service providers, customer service is initiated when a terror plot is detected, and service is completed when the plot is interdicted. Not all plots are interdicted; successful terror attacks correspond to customers who abandon the queue without receiving service! Building upon these ideas, we will focus our attention upon a simple observation: other things being equal, the number of ongoing terror plots increases with the duration of time from plot initiation until execution or interdiction (whichever comes first), yet no estimate of the probability distribution governing terror plot duration has appeared in the open literature. Starting with a review of US terrorism-related indictments, lower and upper bounds for the initiation date of 30 distinct Jihadi plots were identified in addition to the date of arrest or an attempted/actual terror act. Accounting for the censoring and truncation effects inherent with these data; the estimated mean duration equals 9 months, while 95% of all plots are estimated to fall between 1 and 25 months. These estimates suggest that in the United States, on average approximately three ongoing Jihadi terror plots have been active at any point in time since 9/11/2001.
About the Speaker: Edward H. Kaplan is the William N. and Marie A. Beach Professor of Management Sciences, Professor of Public Health, and Professor of Engineering at Yale University’s School of Management who is currently on sabbatical as Distinguished Visiting Professor at Stanford’s Graduate School of Business. The author of more than 125 research articles, Kaplan received both the Lanchester Prize and the Edelman Award, two top honors in the operations research field, among many other awards. An elected member of the National Academy of Engineering and the Institute of Medicine of the US National Academies, Kaplan’s current research focuses on the application of operations research to problems in counterterrorism and homeland security.
CISAC Conference Room
Edward H. Kaplan
Professor of Management Sciences, Professor of Public Health, and Professor of Engineering, Yale; Distinguished Visiting Professor, Graduate School of Business, Stanford
Speaker
Seminars
The CIA: Lawless Rogue or Regulated Business?
-
About the topic: The General Counsel takes on the persistent misconception that the Agency operates outside the law
About the Speaker: Stephen W. Preston is General Counsel of the Central Intelligence Agency. He was sworn in on July 1, 2009. By statute, the General Counsel is the chief legal officer of the Agency.
Mr. Preston was previously a partner at the law firm of Wilmer Cutler Pickering Hale and Dorr LLP in Washington, DC, where he was co-chair of the Defense and National Security Practice Group, as well as a member of the Regulatory and Litigation Departments. He joined the firm in 1986.
Between 1993 and 2000, Mr. Preston served as Principal Deputy and Acting General Counsel of the Department of Defense, and as General Counsel of the Department of the Navy.
A member of the District of Columbia Bar, Mr. Preston is a fellow of the American Bar Foundation and a member of the Council on Foreign Relations. He has been active with the American Bar Association Standing Committee on Law and National Security Advisory Committee and, prior to his appointment, served on the board of directors of the Center for Strategic and Budgetary Assessments.
Mr. Preston has received the Department of Defense Medal for Distinguished Public Service (with bronze palm in lieu of second award) and the Department of the Navy Distinguished Public Service Award. He is a two-time recipient of the Central Intelligence Agency’s Director’s Award.
Mr. Preston received a B.A. from Yale University and a J.D. from Harvard University.
Stanford Law School, Room 280B
Stephen W. Preston
General Counsel of the Central Intelligence Agency
Speaker
Seminars
Q&A: Stanford’s Cuéllar and US diplomat on human rights and the Internet
News Type
Q&As
Date
Paragraphs
As the Internet evolves, people around the world have faster, easier ways to connect. Innovative plans and economic opportunities are being hatched online, but so are ideas that challenge governments. Voices of dissent are amplified by social media tools like Facebook, Twitter and YouTube, leaving some countries confused about how to balance free expression rights against perceived threats to national security and government stability.
Working with the Center for International Security and Cooperation at Stanford’s Freeman Spogli Institute for International Studies, Eileen Donahoe is trying to make government officials feel more comfortable with online technology. Donahoe, the U.S. ambassador to the United Nation’s Human Rights Council, recently brought about 35 diplomats from around the world to Stanford. The group met with academics, Internet developers and technology business leaders to address the questions posed by a free and open Internet.
“I know the technology feels mysterious and challenging,” says Donahoe, who was an affiliated scholar at CISAC before becoming an ambassador. “So part of what we tried to do was demystify it. But we also conveyed the message that you’re not going to control technological change. And you’d better get used to it. It’s part of our world.”
In the following interview, Donahoe and CISAC co-director Mariano-Florentino Cuéllar discuss the challenges and potential promised in the online frontier.
Why did you arrange this meeting of diplomats in Silicon Valley?
Donahoe: Some ambassadors who are otherwise very committed to human rights have started to feel that the protections for freedom of expression and freedom of assembly could be weakened or lessened when you bring technology into the mix. There was a sense that governments could legitimately squelch free speech and free assembly when it happened in the online world. That’s a problem because so much of what happens today happens online. The Internet is now so central to the ability to speak freely. It was our responsibility to call them out and make them understand that technology should not change the equation in the protection of human rights.
How has the Internet changed the way we need to think about human rights and free expression?
Donahoe: In some ways, it hasn’t changed anything – free speech is free speech. But new technology has created new media, and that’s all changing at an exponential pace. People are being required to adjust in timeframes that were unimaginable before, and governments can’t keep up. Individuals can hardly keep up. It’s the pace and innovation that’s challenging. But there’s no change in our responsibility to protect the longstanding values of free expression.
What does a free and open Internet have to do with global security?
Cuéllar: Some governments lack a commitment to basic rights and the rule of law. Technology can help people respond by raising their voices. They can organize and respond when their own government threatens citizens’ security. Cyber technologies can also empower law enforcement officials, intelligence agencies and armed forces, raising fundamental questions about the role of government and the nature of conflict in the years to come. The Internet is an evolving technology that reflects vulnerability and enormous potential. Societies depend on government and private sector systems that face a variety of threats. For all these reasons, the future of cyberspace is an important security issue at the very center of our agenda at CISAC.
Why do some governments feel threatened by the Internet?
Donahoe: It comes from the volume of voices you can have online. It comes from the pace of change. And there’s another aspect to online technology that’s intriguing: It is inherently democratizing. Citizens are becoming journalists. Anyone with a cell phone can broadcast live to the planet anything they’re observing. That can be threatening, but I believe it’s ultimately going to be a very positive force for transparency and government accountability.
How do you convince governments worried about those threats that open Internet access is ultimately in their best interest?
Cuéllar: If the leaders of a state see it merely as a vehicle for control and stability, then much of the technology we have been discussing will appear profoundly threatening. States seeking to build or maintain lasting institutions capable of meeting the needs of their citizens will tend to take a different approach, focused on the value of the public’s feedback and participation in governance.
Donahoe: A compelling point – especially for developing countries that may not otherwise place emphasis on the benefits to freedom from technology – is the recognition that there’s an economic upside to a free and open Internet. It can be framed as a development issue. Many government leaders can see that the future of all our economies is so intricately connected to this technology that if they try to squelch or shut down Internet development for political reasons, there will be dramatically negative effects for their economies. And that will lead to political problems. The economic value isn’t my primary human rights emphasis, but it helps to remind governments they run the risk of shutting themselves out of economic development if they don’t get comfortable with the technology.
What role, if any, should governments play in regulating the Internet?
Donahoe: Governments do need to play a role in regulation, just as they do in the offline world. But just because technology is brought into the equation doesn’t mean governments and regulators should be free to regulate too broadly or without concern for the costs to freedom. Just like in the offline world, regulation must be narrowly tailored and serve important government interests. Part of the challenge comes from the sense that governments can’t keep up with the technological advances. So they’re inclined to regulate more – and more bluntly – rather than in a more tailored way. This is where governments need to get more sophisticated about how to adjust to technological change.
What do policymakers need to know and understand before passing regulations?
Cuéllar: The future of cyberspace implicates security, economic development and the protection of civil and political rights – and all of these challenges are deeply interrelated. A country's decision to restrict certain forms of Internet traffic can discourage economic innovation. Internet access in poor communities can lead to new economic opportunities, changing the larger context in which governance and security problems arise. It is crucial to recognize these connections as societies think through the future of cyberspace.
Hero Image
All News button
1
Cybersecurity talk draws business and political leaders to Stanford CISAC
News Type
News
Date
Paragraphs
Computers and the networks that connect them are powerful storehouses of information. They're also vulnerable to sabotage, and the data they handle can be stolen, altered or erased. President Obama has called cyberattacks "one of the most serious economic and national security threats our nation faces."
To help tackle the problem, researchers at Stanford’s Center for International Security and Cooperation are exploring issues in cybersecurity and keeping a close eye on the policy discussions. Earlier this month, CISAC brought together a group of lawmakers and industry leaders from Silicon Valley to discuss new efforts to prevent cyberespionage and related crimes.
Rep. Mike Rogers (R-Mich.) talked about a bill he’s introduced to safeguard technology. "The intelligence community believes strongly that it's just a matter of time before we have a catastrophic cyberattack," said Rogers, chairman of the House Permanent Select Committee on Intelligence. "We have admired this problem for a very long time and it's time to do something."
Among the other speakers were Rep. Anna Eshoo (D-Calif.), Intel Chief Executive Officer Paul Otellini, and security experts from Google, Cisco Systems and Oracle.
After the invitation-only event, CISAC's Mariano-Florentino Cuéllar, Otellini and Rogers discussed the future of the Internet, the scope of the cyberthreat and government's role in defending against it. Excerpts:
There are core questions about where the world is going
"Cybersecurity problems are real and they’re immediate. And the threats are probably growing and the problems we face require solutions. But it’s just as important to think about where we’re going to be 20 to 30 years from now as it is to deal with the immediate problems. That’s because the choices we make about how to secure cyberspace are going to be choices about what your identity will be online, what powers government will have, what nation states will be able to do to each other, what companies will be able to do when they deal with cyberthreats, how aggressively they will be able to respond on their own -- those are essentially choices about the architecture of the world. So it's useful for us to understand as scholars and as people engaged in policy, that choices about cybersecurity are not just technical. They’re really core questions about where is the world going."
-- Mariano-Florentino Cuéllar, co-director, Center for International Security and Cooperation
Preventing electronic pickpockets
"On the commercial side it's no secret that there's industrial espionage going on through cyberhacking. There are also rogue groups that are not nation states, but people who just want to steal your identity. So the ability to see those attacks coming, to see those profiles coming, and to be able to improve the quality of the computer network and the phone networks and the phones themselves will also allow us to protect our own intellectual property as companies, and protect the identity and potentially the financial assets of our collective customers. When your cell phone is your wallet -- as it will be in the not-too-distant future -- all of a sudden that's like having an electronic pickpocket. An attack is going to compromise everything you have. Beyond that, many large technology firms feel that as good corporate citizens and as good local citizens, we have a responsibility to try and make sure the world's computer networks are not disrupted. If computers aren’t trusted, we don't have much of a business. We are commercially incentivized to make all this stuff so much better."
-- Paul Otellini, chief executive officer, Intel.
We can be a partner with industry
"Individually, a company gets hacked for espionage purposes -- that's a criminal event. Collectively, it becomes a national security issue because of the sheer volume of intellectual property that would be compromised. You also have the other level: a disruptive cyberattack that shuts down certain capabilities, whether it's financial, in the energy sector or otherwise. We've fought this fight with dot-gov and dot-mil for quite a long time. Dot-com has, too, but they've been a bit on their own. This proposal has the government weighing in and saying, 'Hey, maybe we can be a partner.'"
-- Mike Rogers, chairman of the House Permanent Select Committee on Intelligence.
All News button
1
Fukushima and the Inevitability of Accidents
Paragraphs
Abstract
Governments regulate risky industrial systems such as nuclear power plants in hopes of making them less risky, and a variety of formal and informal warning systems can help society avoid catastrophe. Governments, businesses, and citizens respond when disaster occurs. But recent history is rife with major disasters accompanied by failed regulation, ignored warnings, inept disaster response, and commonplace human error. Furthermore, despite the best attempts to forestall them, “normal” accidents will inevitably occur in the complex, tightly coupled systems of modern society, resulting in the kind of unpredictable, cascading disaster seen at the Fukushima Daiichi Nuclear Power Station. Government and business can always do more to prevent serious accidents through regulation, design, training, and mindfulness. Even so, some complex systems with catastrophic potential are just too dangerous to exist, because they cannot be made safe, regardless of human effort.
All Publications button
1
Publication Type
Abstracts
Publication Date
Journal Publisher
Bulletin of the Atomic Scientists
External URL