Cybersecurity
-

Abstract: What will be the state of digital security in five and 10 years? Will it be a "Wild West" where every person and organization must fight to protect their own personal data? Will the Internet of Things advance so much into our homes and cities that everyone – at all times – is under surveillance? Are sensors going to be smart enough to determine and predict human feelings – opening the door to cybercriminals hacking human emotion? These are scenarios from The University of California - Berkeley's Center for Long-Term Cybersecurity, which has modeled what the Internet and cybersecurity could look like in 2020 and beyond. Steve Weber, Faculty Director, and Betsy Cooper, Executive Director, will use examples from the scenarios to help think through what we should be doing today to prepare for the future of cybersecurity.

About the Speakers: Betsy Cooper is the Executive Director of the Berkeley Center for Long-Term Cybersecurity. Betsy, a former CISAC Postdoctoral Fellow, came to UC Berkeley from the Department of Homeland Security, where she served as an attorney advisor to the Deputy General Counsel and as a policy counselor in the Office of Policy. Prior to her arrival at Berkeley, Betsy worked for over a decade in homeland security consulting, managing projects for Atlantic Philanthropies (Dublin, Ireland), the Prime Minister's Strategy Unit in London, the World Bank, and a number of other think tanks. Betsy is also the author of over twenty manuscripts and articles on US and European immigration and refugee policy, and her book manuscript Europe's Security Solution: Can Immigrant Integration Really Prevent Terrorism? is currently under review. In addition to a law degree from Yale University, Betsy holds a DPhil in Politics from Oxford University, an M.Sc. in Forced Migration from Oxford University, and a B.A. in Industrial and Labor Relations from Cornell University. Betsy previously clerked for Judge William Fletcher on the Ninth Circuit Court of Appeals.
 
Steven Weber is the faculty director for the Berkeley Center for Long Term Cybersecurity (CLTC). He works at the intersection of technology markets, intellectual property regimes, and international politics. His research, teaching, and advisory work focus on the political economy of knowledge intensive industries, with special attention to health care, information technology, software, and global political economy issues relating to competitiveness. Steve went to medical school at Stanford then did his Ph.D. in the political science department also at Stanford. He served as special consultant to the president of the European Bank for Reconstruction and Development and has held academic fellowships with the Council on Foreign Relations and the Center for Advanced Study in the Behavioral Sciences, and was Director of the Institute of International Studies at UC Berkeley from 2003 to 2009. His books include The Success of Open Source and most recently The End of Arrogance: America in the Global Competition of Ideas (with Bruce Jentleson) and Deviant Globalization: Black Market Economy in the 21st Century (with Jesse Goldhammer and Nils Gilman).

Encina Hall, 2nd floor

Executive Director of the Berkeley Center for Long-Term Cybersecurity University of California | Berkeley
Steven Weber Faculty Director for the Berkeley Center for Long Term Cybersecurity University of California | Berkeley
Panel Discussions
-

Abstract: We all know that we face cyberrisks every day, from destructive attacks on our critical infrastructure to the theft of intellectual property. Yet countries and companies are woefully behind in making the investments necessary to secure themselves and withstand potential attacks. How should we move forward? Given the range of cyberthreats facing the United States and its allies and partners, we should focus on (1) securing our most important missions and operations and (2) on planning for the certainty of some technological disruption. The talk begins by presenting a series of assumptions about the limits and opportunities for security planners in mitigating risks (cyber and otherwise), and then outlines strategic recommendations for governments and companies to improve their cybersecurity posture. It explores elements of effective cyber strategy; the role of leaders in managing cybersecurity across large organizations; the future of public-private partnerships for collective defense and contingency response; and the dark but necessary nature of resiliency planning.

About the Speaker: Jonathan Reiber is currently Senior Fellow at the University of California at Berkeley's Center for Long-Term Cybersecurity. A writer, speaker, and security researcher, Mr. Reiber held a number of senior advisory positions in the Obama Administration within the U.S. Department of Defense. He was also the principal author of the U.S. Department of Defense Cyber Strategy (2015).

From January 2013 to September 2015, he served as Chief Strategy Officer for Cyber Policy in the Office of the Secretary of Defense. As Chief Strategy Officer, he advised the Pentagon leadership and led strategic initiatives across the cyber policy portfolio, to include strategic planning; key international, interagency, and industry partnerships; and strategic communications. In addition to serving as Chief Strategy Officer, he was also the Executive Secretary of the Defense Science Board Task Force on Cyber Deterrence.

Earlier in the Obama Administration, Mr. Reiber served as Special Assistant and Speechwriter to the United States' Deputy Secretary of Defense, Dr. Ashton B. Carter, and previously as Special Assistant to the United States' Principal Deputy Under Secretary of Defense for Policy, Dr. James N. Miller. In both positions he focused on strategy, Middle East security, Asia-Pacific security, cyber policy, and public communications.

From 2007 to 2009, Mr. Reiber was Research Manager at Ergo, a consulting and intelligence firm focusing on emerging markets. At Ergo he coordinated scenario planning exercises and deep-dive geopolitical analysis, advising Fortune 500 companies and other organizations on the political and social affairs of South Asia, Africa, and the Middle East. Earlier in his career he served with the United Nations Peacekeeping Mission in Sudan, as a policy advisor to the Episcopal Church of the United States, and as a Thomas J. Watson Fellow in South Africa, Italy, India, Turkey and Cyprus, where he studied the role of religion in political and social change.

Mr. Reiber is a graduate of Middlebury College, where he studied Religion, and The Fletcher School of Law and Diplomacy, where he focused his studies on international security and U.S. diplomatic history and served as Editor-in-Chief of The Fletcher Forum of World Affairs.

At Berkeley Mr. Reiber focuses his writing and research on human resilience, national contingency planning, and cybersecurity in the Asia-Pacific region. He regularly advises companies and governments on cybersecurity, strategy, and geopolitical risk. 

Encina Hall, 2nd floor

Jonathan Reiber Senior Fellow University of California at Berkeley's Center for Long-Term Cybersecurity
Seminars
-

Abstract:   There is a state of high anxiety about this year's election being "hacked" or "rigged". The media began speculating about the possibility when emails were stolen from the Democratic National Committee and, later, Hillary Clinton's campaign chairman, allegedly by state-sponsored hackers. Additionally, Donald Trump has been predicting that the election will be "rigged", worrying many of his supporters. New voter ID requirements have been imposed in many states in response to allegations of "voter fraud", but voting rights advocates worry that these requirements will disenfranchise many voters. In this talk, I will attempt a rational evaluation of election security risks and propose what we should do to address them.

About the Speaker: David L. Dill is the Donald E. Knuth Professor in the School of Engineering and Professor of Computer Science at Stanford University, where he has been on the faculty for 29 years. He is a member of the National Academy of Engineering and the American Academy of Arts and Sciences. He has been working on policy issues in voting technology since 2003. He is the founder of VerifiedVoting.org, whose mission is to safeguard elections in the digital age, and continues to serve as a board director in that organization. He was a principal investigator in the National Science Foundation's "ACCURATE" voting research center from 2006 to 2011. In 2004, he received the Electronic Frontier Foundation's "Pioneer Award" for spearheading and nurturing the popular movement for integrity and transparency in modern elections.

Encina Hall, 2nd floor

David Dill Professor in the School of Engineering and Professor of Computer Science Stanford University
Seminars

CISAC
Stanford University
Encina Hall, E205
Stanford, CA 94305-6165

(650) 725-8035
Senior Research Scholar

Harold Trinkunas is the Deputy Director and a Senior Research Scholar at the Center for International Security and Cooperation at the Freeman Spogli Institute for International Studies at Stanford University. Prior to arriving at Stanford, Dr. Trinkunas served as the Charles W. Robinson Chair and senior fellow and director of the Latin America Initiative in the Foreign Policy program at the Brookings Institution. His research focuses on issues related to foreign policy, governance, and security, particularly in Latin America. Trinkunas has written on emerging powers and the international order, ungoverned spaces, terrorism financing, borders, and information operations. 

Trinkunas has co-authored Militants, Criminals and Warlords: The Challenge of Local Governance in an Age of Disorder (Brookings Institution Press, 2017), Aspirational Power: Brazil’s Long Road to Global Influence (Brookings Institution Press, 2016) and authored Crafting Civilian Control of the Military in Venezuela (University of North Carolina Press, 2005). He co-edited and contributed to Oxford Handbook of Peaceful Change in International Relations (Oxford University Press, 2021), Three Tweets to Midnight: The Effect of the Global Information Ecosystem on the Risk of Nuclear Conflict  (Hoover Institution Press, 2020), American Crossings: Border Politics in the Western Hemisphere (Johns Hopkins University Press, 2015), Ungoverned Spaces: Alternatives to State Authority in an Era of Softened Sovereignty (Stanford University Press, 2010), Global Politics of Defense Reform (Palgrave MacMillan, 2008), and Terrorism Financing and State Responses (Stanford University Press, 2007).

Dr. Trinkunas also previously served as an associate professor and chair of the Department of National Security Affairs at the Naval Postgraduate School in Monterey, California. He received his doctorate in political science from Stanford University in 1999. He was born in Maracaibo, Venezuela. 

 

Deputy Director

While the Cyber Security Summit 2016 is not open to walk-ins, live-streaming will be available, starting on Monday, September 19 at 2:30 PM.

http://livestream.com/stanford_webcast

 

The debate on cybersecurity has never been more important. Senior experts on all aspects of cybersecurity will convene at Stanford University for the Munich Security Conference's 4th Cyber Security Summit, hosted by the Center for International Security and Cooperation (CISAC) at the Freeman Spogli Institute for International Studies (FSI).

Are our societies prepared for large-scale cyberattacks on critical infrastructures? How can countries establish joint norms and rules for cyberspace? Which steps are necessary in order to stop the digital advance of the 'Islamic State' and other terrorist groups? To what extent should data privacy be compromised for effective intelligence work?

Around 140 senior representatives from science, politics, business and the military will debate these and other questions in the course of several panels held over two days in Encina Hall, home to CISAC and FSI. Among the participants are representatives from US and EU authorities, the cyber security coordinators of several European states, numerous business leaders, as well as security experts from various Silicon Valley companies.


 

Conferences

This book discusses issues in large-scale systems in the United States and around the world. The authors examine the challenges of education, energy, healthcare, national security, and urban resilience. The book covers challenges in education including America's use of educational funds, standardized testing, and the use of classroom technology.  On the topic of energy, this book examines debates on climate, the current and future developments of the nuclear power industry, the benefits and cost decline of natural gases, and the promise of renewable energy. The authors also discuss national security, focusing on the issues of nuclear weapons, terrorism and cyber security.  Urban resilience is addressed in the context of natural threats such as hurricanes and floods.

Publication Type: Books
Journal Publisher: Wiley (1st edition)
Authors: Elisabeth Paté-Cornell

News Type: Q&As

A real possibility exists that foreign hackers could throw a monkey wrench into the outcome of the U.S. presidential election in the fall, a Stanford expert says.

Herbert Lin, senior research scholar for cyberpolicy and security at Stanford’s Center for International Security and Cooperation and a research fellow at the Hoover Institution, said that electronic voting could be affected by hackers in the presidential race, especially if a candidate claims tampering. In recent months, hackers from outside the country reportedly infiltrated the Democratic National Committee and Hillary Clinton campaign computer networks, leading to data breaches that made headlines worldwide.

The Stanford News Service interviewed Lin on this subject:

How worried are you about possible cyberattacks that could influence the outcome of the November elections in the U.S.?

There are two kinds of things to worry about. One is an actual cyberattack that, for example, alters vote counts in a way that tilts the election away from the will of the voters. That kind of attack is hard to pull off, and I’m not very worried about that – though I worry about it some.

A second worry – much more serious in my opinion – is the possibility that an election loser might challenge the outcome of the election, alleging that the results were altered by a cyberattack, especially if the election were close. How would anyone ever prove that ballots, electronically cast with no permanent and auditable record, were accurately counted?

If the evidence that Russians hacked the Democratic National Committee and the Hillary Clinton campaign proves to be legitimate, how should President Obama respond to Russia and Vladimir Putin?


The U.S. has many response options, ranging from private diplomatic conversations to military action and everything in between. There are many things we could do to exact a price. But some of these things may be wise and others may be unwise. For example, an unwise option would be to threaten overt military action and otherwise do saber-rattling in response. The balancing act is calibrating a response that exacts a penalty but does not provoke a response that is unacceptable to us – and that’s a hard thing to do.

Would the U.S. ever hack back at Russia in some way?

I would be utterly amazed if the U.S. were not hacking Russia, and every other major power in the world for that matter. And I would be amazed if every other major power in the world were not hacking the U.S. There’s a baseline level of hacking that is going on all the time by everyone.

So, the question isn’t hacking or not hacking, the question is hacking back versus hacking. And on that point, I suspect it would be really hard for the recipient – in this case, Russia – to distinguish between hacking that almost surely is going on already and hacking that was conducted in response to any putative Russian involvement in the Democratic National Committee hack.

Is the hacking symbolic of a poor relationship between the U.S. and Russian governments?

I would not say symbolic – but it’s entirely consistent with a poor relationship.

In this 2015 video, Herb Lin talks about how U.S. policy on offensive cyber operations should be declassified.

 

Clifton Parker is a writer for the Stanford News Service.

-

Lunch will be served. Please RSVP to allow for an accurate headcount.

Abstract: Dr. Johnston will present a preliminary analysis of some of the tensions between inter-state crisis management principles (as accepted by many Chinese crisis management experts) and concepts for the use of cyber weapons in military conflicts being developed by the Chinese military.

About the Speaker: Alastair Iain Johnston is The Governor James Albert Noe and Linda Noe Laine Professor of China in World Affairs at Harvard University and a visiting fellow at the Hoover Institution in summer 2016. He has written on socialization theory, identity and foreign policy, and strategic culture, mostly with application to the study of China’s foreign policy and East Asian international relations.

Alastair Iain Johnston Harvard University
Seminars

News Type: News

Despite growing consensus about the magnitude of cyber security threats, a clear strategy for securing the United States’ critical digital infrastructure has yet to be reached. This is partially due to the complexity of cyber security issues, which intersect computer science, law, policy, economics, public opinion, and ethics. In recent years, however, the Hoover Institution has helped scholarship and dialogue on cyber security to move forward by channeling the expertise of Hoover fellows, Stanford University, and Silicon Valley, as well as extending these resources to policy makers and the media.

Hoover’s Cyber Security Boot Camps, led by Hoover fellows Amy Zegart and Herbert Lin in partnership with Stanford University’s Cyber Policy Program and the Center for International Security and Cooperation (CISAC), are key components of these efforts. Past boot camps have assembled senior congressional staff from both sides of the aisle for expert briefings and discussions about the law, policy, and technology pertaining to cyber security. This year, Zegart and Lin shifted the program’s focus toward national media, partnering with Hoover’s public affairs team to host a cyber security themed Media Roundtable.

Following the format of previous Media Roundtables, Hoover brought dozens of reporters from leading outlets such as the Wall Street Journal, Washington Post, and New York Times together with cyber policy and technology experts on May 16, 2016. The program featured presentations, interactive discussion, and thought-provoking exercises designed to aid reporters in understanding and communicating cyber security news and debates. The interactive atmosphere also helped strengthen lines of communication between the reporters, technology experts, and strategists tasked with making sense of the changing cyber security landscape.

Amy Zegart, Davies Family Senior Fellow at Hoover, introduced attendees to the unique challenges of crafting cyber security policy. Zegart discussed the exceptional vulnerability of powerful countries to cyber threats, consumer driven connectivity as a factor that increases cyber risks, and the obstacles to protecting privately held cyber infrastructure at a time of acute mistrust of government.

John Villasenor, a professor of electrical engineering, public policy, and management; visiting professor of law at UCLA; and a national fellow at the Hoover Institution, introduced the technical challenges associated with cyber security. Villasenor discussed the irreversible growth of cyberspace as mobile connectivity proliferates and data storage costs plummet, the overwhelming complexity of cyber systems, and the startling capabilities of hackers in identifying and exploiting security weaknesses.

Herbert Lin, Hoover research fellow and senior research scholar for cyber security and policy at CISAC, applied his expertise to an often-overlooked topic in cyber security: the role of offensive cyber tactics. Where passive defenses such as network security or law enforcement fail, offensive measures can prove critical in disrupting or identifying the source of cyber security breaches. Lin also discussed the potential use of offensive cyber tactics against our adversaries without waiting for incoming attacks, which he likens to “punching” in cyberspace, rather than “punching back.”

Carey Nachenberg, a vice president and fellow at Symantec Corporation and prolific developer of cyber security technology, delivered a technical primer on cyber exploitation. Nachenberg described ways that design flaws, human error, and the sheer complexity of cyber systems create potential vulnerabilities. He also provided a step-by-step walkthrough of various tactics hackers use to exploit these weaknesses, including denial of service attacks, computer worms, and manipulating human agents.

Jack Goldsmith, senior fellow at Hoover and the Henry L. Shattuck Professor of Law at Harvard, discussed the complications of applying international law designed to address traditional uses of force to cyber hostilities. Goldsmith highlighted the problematic distinction between cyber attacks, which constitute illegal acts of international aggression, and exploitations, which constitute legal acts of espionage.

Elaine Korzak, a W. Glenn Campbell and Rita Ricardo-Campbell National Fellow at Hoover, reported on the evolving UN response to cyber security concerns. After decades of review, UN action on cyber law gained traction in 2014 with a milestone report recognizing the applicability of international law to cyberspace. A subsequent 2015 report recommended several cooperative steps on cyber security, although the proposed rules and norms rely on voluntary implementation.

The roundtable also featured interactive exercises to expand media perspectives on cyber issues, including a detailed simulation of a cyber security breach at a major web services company. Participants formed groups to address technical, legal, public relations, and other concerns related to the breach and presented their strategies to real-world private-sector cyber security experts. Hoover invited four other cyber security leaders to discuss what the media is getting right and wrong on cyber coverage and how reporters can develop stronger relationships with private sector sources.

The 2016 Cyber Media Roundtable covered a wide range of complex topics, and the engagement of participants signaled strong interest in internalizing the material. Discussion periods spilled into breaks, and participants asked penetrating questions characteristic of good reporting.

Reflecting on the outcomes of the event, Amy Zegart stated:

The media cyber boot camp was a great success—giving some of the nation’s top national security reporters a fast and deep dive into key cyber issues, developing broader networks of experts to help inform the public debate, and enabling candid conversation with industry leaders about what the press can do to improve coverage of cyber issues.  Our vision is to hold a boot camp every year to educate a wide range of key policymakers and influencers—including congressional staff, federal judges, and the press.

Moving cyber policy forward will require continued attention to issues raised in the Media Roundtable. How can tensions between government and the private sector be eased to allow for greater cooperation? Can current international rules and norms be applied to cyber issues? To what extent do legal and ethical considerations permit “hacking back” or even hacking first? Where should reasonable expectations for cyber security be set in light of the overwhelming complexity of cyber systems?

As the larger policy community expands their focus on these and other key cyber security questions, Hoover’s ongoing research and outreach will help inform their answers.

CISAC co-director Amy Zegart (center) speaks during a simulated cybersecurity breach group exercise at the 2016 Cyber Media Roundtable at Stanford.
Rod Searcey
-

Abstract: The NERC-CIP standards are the only federally mandated cybersecurity standards for critical infrastructure in the United States.  Targeting the electric system, the standards have been developed to ensure the reliability and the resilience of the electric grid and prevent catastrophic failures.  Although the standards have been around for almost a decade, their role in building the resilience of the electric grid is fiercely contested, with critics claiming the standards represent little more than a ‘check box’ exercise that directs attention and resources away from achieving real security.  This talk will present evidence on the effectiveness of the standards in addressing risk and offer suggestions as to how the standards might be improved to enhance resilience.

About the Speaker: Aaron Clark-Ginsberg is a U.S. Department of Homeland Security Cybersecurity Postdoctoral Scholar at CISAC.  His research interests center on the theory and practice of disaster risk governance, particularly resilience and disaster risk reduction approaches.  He is currently researching how government regulations designed to improve the resilience of the power grid to cyber-threats are affecting utility companies.

Aaron holds a PhD and MSc in Humanitarian Action from the University College Dublin and a BA in American Studies with a Concentration in Environmental Studies from Kenyon College.  Aaron's doctoral research examined how international NGOs interacted with national stakeholders to reduce disaster risk in developing countries.  As part of this, Aaron traveled to ten countries in Asia, Africa, and the Caribbean to review risk reduction and resilience building approaches addressing a variety of hazards including flooding, drought, price shocks, cyclones, landslides, erosion, disease, and conflict.

Aaron has extensive experience in real world application of risk management principles.  Aaron’s PhD was in conjunction with Concern Worldwide, an international Irish humanitarian organization.  While at Concern, Aaron produced a series of reports on risk management in different countries and contexts designed to improve the effectiveness of Concern’s approach to risk reduction. He has also conducted policy-focused research on humanitarian reform for the World Humanitarian Summit Irish Consultative Process, the results of which were used to help develop the Irish position on humanitarian action. Aaron also spent four seasons working as a wildland firefighter for various governmental and private sector organizations across the western United States.

 
Cybersecurity Regulations and Power Grid Resilience (preliminary findings)
Cybersecurity Postdoctoral Scholar CISAC
Seminars