Last week, the White House Commission on Enhancing National Cybersecurity held its third of six scheduled meetings around the nation. President Obama established the Commission by Executive Order in February 2016 with the goal of “recommending bold, actionable steps that the government, private sector, and the nation as a whole can take to bolster cybersecurity in today’s digital world.”
Key private and public stakeholders were invited to be panelists to discuss three main topics: Addressing Security Challenges to the Digital Economy; Collaborating to Secure the Digital Economy; and Innovating to Secure the Future of the Digital Economy. Among the invited panelists were executives and security officers from Google, Facebook, the University of California, The William and Flora Hewlett Foundation, and Kleiner Perkins Caufield & Byers, who provided their input and recommendations on research & development, technology, and innovation.
One of the key points addressed by the panel was the trade-off between mandated security standards and innovation. The Commission asked panelists how companies can be incentivized to keep investing in security instead of simply meeting the minimum standards. Weighing safety against costs is an issue for any company, but that balancing is particularly pronounced in the fast-moving technology industry where it could be prohibitively expensive to ensure security standards keep up with evolving technology. In response, a few panelists recommended the creation of a new federal agency to oversee cybersecurity.
Throughout the day, the panelists emphasized the need for education about cyber threats and security, both for current consumers, and the current and future workforce. Panelists also called for greater transparency and information sharing about cyber attacks and user data requests, and greater international collaboration.
One particularly interesting portion of the day occurred when the Commission asked panelists what the next “cyber-Pearl Harbor” might be, quoting former Secretary of Defense Leon Panetta. One panelist explained that he was “terrified” of the growth of the Internet of Things, and called for technology to be maintained and secured for the lifetime of the product it is attached to, which in many cases—like cars, for example—are 10 years or more. Another panelist warned about increasing machine intelligence.
Ultimately, as one panelist commented, technology alone will not solve cyber threats; there will also need to be smart policy to both solve the crises of the moment and plan for the future.
An audio recording of the meeting is made available by UC Berkeley’s Center for Long-Term Cybersecurity.
The Commission will deliver its final report to the President by December 1, 2016.