Herb Lin has a long agenda crafted from big ideas.

As CISAC’s inaugural senior research scholar for cyber policy and security, Lin intends to make Stanford the premier hub for academic research and public policy in an effort to protect the world’s computer networks against cyber attacks.

“When I was recruited, Stanford told me to think big. So I’m thinking big,” says Lin, who comes to Stanford from the National Research Council of the National Academies in Washington, D.C., where he was chief scientist at the Computer Science and Telecommunications Board.

“Part of my job is also to find a way to build cyber connections to other parts of the campus – law, medicine, the business school, engineering – so there are a variety of interesting possibilities that I’d like to tackle.”

Even before taking up his new role at Stanford last month, Lin worked with CISAC co-director Amy Zegart to convene a three-day boot camp that brought together Silicon Valley heavyweights and congressional staffers working on critical cyber legislation.

Lin wants to launch a policy journal devoted to research about cybersecurity. He hopes to construct the university’s first undergraduate courses about the foreign policy and economic implications of cybersecurity, as well as the risk analysis of cyberspace. He will represent Stanford's efforts in public commentaries, such as the one he wrote for The Wall Street Journal about how companies can ward off hackers.

And Lin was instrumental in facilitating the Feb. 12-13 White House Summit on Cybersecurity and Consumer Protection at Stanford University. President Barack Obama addressed the summit, the first time a sitting U.S. president conducted business on the Stanford campus in 40 years.

“Obviously the president has a great bully pulpit here, and is highlighting the importance of cybersecurity on the national policy agenda,” said Lin. “We are particularly delighted that he’s come to Stanford – which is recognition of our role in advancing the cybersecurity interests of the nation.”

Lin, who took up his new role at CISAC in January and is also a research fellow at the Hoover Institution, plans to reach across campus to help the university establish a cohesive strategy for the intersection of cyber policy and international security.

“Cyber touches many facets of life,” said Lin, who has a Ph.D. in physics from MIT. “Some of us are interested in the implications of cyber for international security and foreign relations. Others focus on how protect the nation’s critical infrastructure. Still others are trying to develop tools that can be used to make better decisions about consumer protections. I’d like to bring all of that under one coherent theme.”

Lin also helped organize the Department of Commerce’s National Institute of Standards and Technology workshop at Stanford on Feb. 12. The roundtable, which was in coordination with the White House summit, brought together chief technology and security executives to discuss the challenges of implementing consumer protection technologies in real-world conditions.

Lin moderated a panel at that workshop about academic research that has applications for consumer protections against cyber threats. Michael Daniel, special assistant to the president and cybersecurity coordinator at the White House, gave the keynote at the workshop.

Cybersecurity has become a priority for the Obama administration. The White House in October launched the BuySecure initiative, which includes reforms such as securing payment systems and preventing identity theft. Obama also spoke about cybersecurity in his State of the Union address on Jan. 20.

“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets or invade the privacy of American families, especially our kids,’ Obama said.

Track II Diplomacy

Just as CISAC scholars have for decades been involved in Track II diplomacy in foreign policy, nuclear arms control, and counterinsurgency, Lin would like to see Stanford build on that by facilitating dialogue with other nations about ways to protect and defend their digital networks against cyber attacks and breaches.

“CISAC, as you know, has a long tradition of having nuclear dialogue with China and Russia, even during the coldest periods of the Cold War,” said Lin. “I’d like there to be a Track II diplomacy effort for cyber based here at Stanford, which many Chinese regard as the world’s No. 1 university.  That’s a very attractive platform from which a cyber dialog can be started and sustained.”

CISAC Senior Research Scholar for Cyber Policy and Security, and a research fellow at the Hoover Institution, says to understand cybersecurity you must first understand the basic components of locks and keys.

Finally, Lin intends to work with academics and scientists at Columbia University and the American Academy of Arts and Sciences to establish a boot camp for scholars of international relations and political science who want to work on cyber issues.

Last August, Lin worked with Zegart – who is also a senior fellow and associate director for academic affairs at Hoover – to bring in two dozen senior congressional staffers for a rigorous boot camp that paired them with military, academic and technology experts working at the highest levels of cybersecurity.

The three-day camp drew such names at Google Chairman Eric Schmidt and Facebook’s Chief Information Officer Joe Sullivan. Many of the congressional staffers said it was the first time they’d had the chance to closely interact with the very tech executives for whom they are working on protections and legislation.

Stanford announced in November it had launched the Stanford Cyber Initiative with the support of a Hewlett Foundation grant of $15 million. The initiative will take an interdisciplinary approach to address the challenges raised by cyber technologies.

Michael McFaul, director of CISAC’s parent organization, the Freeman Spogli Institute for International Studies, said Stanford is poised to lead in the cyber arena.

“We have a tradition and an ability to do things in an interdisciplinary way,” said McFaul, a professor of political science and a senior fellow at Hoover.

“I think we’re uniquely qualified and uniquely placed to tackle all those here at Stanford, especially because we sit at the heart of Silicon Valley,” said McFaul, who was the U.S. ambassador to Russia for President Obama before returning to Stanford last year. “I expect to see Stanford become the leading institution in the world for addressing cybersecurity issues.”

Readers can learn more about Stanford University’s push into cybersecurity here.

In the 25th anniversary edition of The Journal of Democracy, CDDRL Director Larry Diamond reflects on the current democratic recession and why this trend is so troubling.

Diamond, who serves as the founding co-editor of The Journal of Democracy, argues that the world is in a mild but protracted democratic recession, which raises alarm due to the rate of democratic failures and where they are occurring. In surveying global empirical trends, Diamond cites 25 breakdowns of democracy since 2000 that were not the cause of military coups but rather the slow erosion of democratic rights and procedures.

Another worrisome trend for Diamond is the declining freedom in a number of countries and regions since 2005. This is most notable in Africa where corruption and the abuse of power are leading to the decline of the rule of law and political rights across the region. It is also affecting countries of global strategic importance with large populations and economic influence– from Taiwan to Mexico – and leading to the resurgence of authoritarianism in Russia and China. Diamond also looks to the U.S. where the dysfunction and breakdown of American democracy sets a bad precedent for the rest of the world. 

Diamond concludes on an optimistic note, stressing that strong public support for democracy may reverse many of these troubling trends and help sustain longer-term democratic progress.

From left to right: Thomas Carothers, Carnegie Endowment for International Peace; Alina Mungiu-Pippidi, Hertie School of Governance (Berlin); Marc Plattner, National Endowment for Democracy; Larry Diamond, Stanford University; Steven Levitsky, Harvard University; and Lucan Way, University of Toronto.

Stanford will welcome President Barack Obama to the campus Friday, Feb. 13, where he will address the White House Summit on Cybersecurity and Consumer Protection.  The president will join top-level government officials, corporate CEOs and Stanford faculty members who will gather to discuss pressing issues at the all-day summit organized by the White House.

President Obama is expected to deliver the keynote remarks at the event, which will be held in Memorial Auditorium and in the Cemex Auditorium at the Stanford Graduate School of Business. The invitation-only event will not be open to the public, but Stanford students can register for a lottery to obtain tickets.  Stanford faculty, students and staff members currently researching cyber-related issues have been invited to take part in panels and conversations.

The summit will be Webcast live in its entirety here for those unable to attend in person, and more details will be posted at WhiteHouse.gov/CyberSummit.

The event will mark the first time that a sitting U.S. President has made public remarks at Stanford since 1975, when then President Gerald Ford dedicated the Crown Quadrangle at the Stanford Law School. President Herbert Hoover addressed students at Stanford in 1932, and President Theodore Roosevelt spoke at Stanford in 1903.  President Bill Clinton was a visitor to campus during his presidency, but in his private capacity as a Stanford parent to daughter Chelsea Clinton.

The campus community can expect further information about parking and transportation changes as a result of the president's visit as event details are finalized.

President Obama announced the full-day White House cyber summit during a Jan. 13 speech and said "It's going to bring everybody together – industry, tech companies, law enforcement, consumer and privacy advocates, law professors who are specialists in the field, as well as students – to make sure that we work through these issues in a public, transparent fashion."

From increasing cybersecurity information sharing to improving adoption of more secure payment technologies, topics listed by the White House that the summit will address:

• Public-Private Collaboration on Cybersecurity;

• Improving Cybersecurity Practices at Consumer-Oriented Businesses and Organizations;

• Promoting More Secure Payment Technologies;

• Cybersecurity Information Sharing;

• International Law Enforcement Cooperation on Cybersecurity;

• Improving Authentication: Moving Beyond the Password.

The White House summit is also the next step in the President's BuySecure Initiative, which was launched in November 2014, and will help advance national efforts the government has led over the last two years with executive orders on consumer financial protection and critical cybersecurity infrastructure.

Stanford announced a major Cyber Initiative in November that will apply broad campus expertise to the diverse challenges cyber-technologies pose for virtually every facet of our personal, governmental and economic lives. Funded with a $15 million grant from the William and Flora Hewlett Foundation, the Stanford Cyber Initiative draws upon Stanford's experience with multi-disciplinary, university-wide initiatives to focus research on the core themes of trustworthiness, governance and the unexpected impacts of technological change.

While the agenda for the White House summit has not yet been finalized, among the Stanford faculty members and researchers invited to participate are Amy Zegart, co-director of the Center for International Security and Cooperation (CISAC) and a senior fellow at the Hoover Institution; Stanford Law Professor George Triantis, who chairs the Cyber Initiative; John Mitchell, vice provost for teaching and learning and professor of computer science; and Herb Lin, senior research scholar for cyber policy and security at CISAC and a Hoover research fellow. Stanford President John Hennessy is slated to open the summit and will have the honor of introducing President Obama.

Stanford is preparing for a significant media attendance for the event, and coverage is expected by major television networks and more than 200 journalists from around the world. 

Students interested in registering for the student ticket lottery can consult the Stanford Ticket Office website for further information Monday.  Registration will close Tuesday at 11:59 p.m.

We will be updating this social media story about the summit:

Sarah Mendelson, senior adviser and director of the Human Rights Initiative at the Center for Strategic and International Studies (CSIS) spoke about how human rights scholars and practitioners can push back on closing space around civil society for the Stanford Program on Human Rights’ Winter Speaker Series U.S Human Rights NGOs and International Human Rights on January 21, 2015.

Mendelson, having previously worked as an activist, academic, and government official, addressed the Stanford audience from multiple perspectives about the relationship between U.S governmental agencies and domestic and international NGOs. She emphasized the lack of alignment in the research emerging from academics and policymakers, stressing the need to close the gap between universities and government. Mendelson proposes that public opinion survey instruments be deployed to test the efficacy of NGO work in the field, and that universities, governments and NGOs collaborate in developing these instruments.

There was a great deal of overlap in the issues that Mendelson addressed and those addressed by Douglas Rutzen on January 7, 2015. Both described the alarming movement of governments to close space around civil society, stating that the trend has now extended far beyond Russia to become a global phenomenon. Mendelson probed the audience with challenging reflections on the potential negative consequences of the Silicon Valley open agenda approach towards data transparency, demonstrating how governments view the increased connectivity as a threat to their sovereignty. Therefore, there is a link between the need for transparent, accountable governments on one hand, and closing of civic space on the other, a paradox that is activating dangerous tensions between governments and their citizenry.

Helen Stacy, director of the Program on Human Rights, followed Mendelson’s talk with questions on the legitimacy of NGOs; the extent to which NGOs are held accountable for their work; and the moral soundness of public opinion. Mendelson responded and concluded with the ultimate need for more powerful data to provide legitimacy for NGOs and for policy to be driven by evidence. Questions from the audience included how ethics tie into international development work, the proper toolset for doing due diligence on an NGO as a potential place of work, and the connection between innovation and humanitarianism.

Dana Phelps, Program Associate, Program on Human Rights

The United States has thrust itself and the world into the era of cyber warfare, Kim Zetter, an award-winning cybersecurity journalist for WIRED magazine, told a Stanford audience. Zetter discussed her book “Countdown to Zero Day,” which details the discovery and unraveling of Stuxnet, the world’s first cyber weapon. 

Stuxnet was the name given to a highly complex digital malware that targeted, and physically damaged, Iran’s clandestine nuclear program from 2007 until its cover was blown in 2010 by computer security researchers. The malware targeted the computer systems controlling physical infrastructure such as centrifuges and gas valves.

Reports following its discovery attributed the creation and deployment of Stuxnet to the United States and Israel. The New York Times quoted anonymous U.S. officials claiming responsibility for Stuxnet. 

Zetter began reporting on the cyber weapon in 2010.

“When the first news came out, I didn’t think much of it,” Zetter told a CISAC seminar on Monday. The title of her book refers to a “zero-day attack," which exploits a previously unknown vulnerability in a computer application or operating system.

“Watching the Symantec researchers unravel Stuxnet, I knew what fascinated me was the process and brilliance of the researchers. The detective story is what pulled me in.” 

Zetter’s book follows computer security researchers from around the world as they discover and disassemble Stuxnet over the course of months, much longer than any time spent on typical malware. The realization that Stuxnet was the world’s first cyber weapon sent shock waves throughout the tech community, yet did not create as much of a stir in mainstream society. 

“It’s funny because a lot of people still don’t know Stuxnet or haven’t even heard of it,” Zetter said. “The recent vandalization of Sony seems to have finally gotten people’s attention. It was not a case of true cyber warefare, but I'm glad that my book came out right before it happened because its perception as a nation-state attack has led to interest in all nation-state attacks, including Stuxnet. The Snowden leaks also put cyber warfare on the map.” 

“Countdown to Zero” also places Stuxnet in political context. The first version of Stuxnet was built and unleashed by the Bush administration in 2007, according to Zetter. Iran accelerated its enrichment process in 2008, leading to fears it would have enough uranium to build a bomb by 2010. President Barack Obama inherited the program; he not only continued it,but accelerated it. Another, more aggressive version of Stuxnet was unleashed in June 2009 and again in 2010. Obama gave the order to unleash Stuxnet while publicly demanding Iran to open itself up to negotiations. 

The effectiveness of the world’s first cyber weapon remains a subject of debate. The most optimistic assessment of Stuxnet is that it delayed and slowed Iran’s uranium development enough to dissuade Israel from unilaterally striking the country, and it afforded time for intelligence and diplomatic efforts. Stuxnet contributed to dissension and frustration among the upper ranks of Iran’s government (the head of Iran’s nuclear program was replaced) and bought time for harsh economic sanctions to impact the Iranian public.

“Stuxnet actually had very little effect on Iran’s nuclear program,” said Zetter. “It was premature, it could have had a much bigger effect had the attackers waited.” Iran still made a net gain in their uranium stockpile while being attacked and they are updating their centrifuges, which would make Stuxnet obsolete.

The more unsettling parts of Zetter’s book catalog security vulnerabilities in America’s public infrastructure, which could easily be victim to a Stuxnet-style attack, and consider the implications of the era Stuxnet heralded. For example, in 2001 hackers attacked California ISO, a nonprofit corporation that manages the transmission system for moving electricity throughout most of California. More recently, Zetter writes, in 2011 a security research team “penetrated the remote-access system for a Southern California water plant and was able to take control of equipment the facility used for adding chemicals to drinking water.”

The Obama administration has publicly announced that shoring up infrastructure security is a top priority. Zetter finds this ironic, because unleashing Stuxnet has opened the U.S. up to attacks using the same malware.

“When you launch a cyber weapon, you don’t just send the weapon to your enemies, you send the intellectual property that created it and the ability to launch the weapon back against you,” writes Zetter. “Marcus Ranum, one of the early innovators of the computer firewall, called Stuxnet ‘a stone thrown by people who live in a glass house.’”

More broadly, Stuxnet heralded an era of cyber warfare that could prove to be more destructive than the nuclear era. For Zetter there is also irony to the use of cyber weapons to combat nuclear weapons. She quotes Kennette Benedict, the executive director of the “Bulletin of the Atomic Scientists,” pointing out, “that the first acknowledged military use of cyber warfare is ostensibly to prevent the spread of nuclear weapons. A new age of mass destruction will begin in an effort to close a chapter from the first age of mass destruction.” 

Zetter has similar fears.

“The U.S. lost the moral high ground from where it could tell other countries to not use digital weapons to resolve disputes,” Zetter said. “No one has been killed by a cyber attack, but I think it’s only a matter of time.”

Joshua Alvarez was a 2012 CISAC Honors Student.