Cybersecurity

Abstract: The increasing frequency of cyber attacks and technological change have amplified the potential adverse effects of successful, large-scale cyber attacks. While detecting the source of cyber threats is difficult, technological capabilities are making it easier. Along with my co-author, Kevin Risser, I argue that the ability to identify cybersecurity threats provides a mechanism for deterrence since prospective hackers take into account the expected costs of punishment—that is, penalties upon being caught by either their government or international authorities. In particular, we discuss the extent to which cyber threat attribution technologies and security infrastructures affect military strategies. First, we contextualize our argument through a lens of standard mutual assured destruction and deterrence theory. While there are parallels between the two, cybersecurity threats are fundamentally different because of their diffuse and mobile nature. Second, we build a game-theoretic model to illustrate our insight that attribution provides a deterrent. Our model provides a closed-form relationship between the prospective hacker’s beliefs of evading attribution and the expected benefits/costs of an attack. We close our paper with considerations of future research.

About the Speaker: Christos Makridis is a Ph.D. candidate at Stanford University’s Management Science & Engineering department researching macro and public economics. He is also the Editor of the UNESCO-sponsored Global Water Forum’s economics section, and a Non-Resident Fellow at the North American Research Partnership. Christos studies the quantitative effects of a wide range of public policy interventions, such as tax policy on productivity and environmental policy on pollution abatement, in stochastic dynamic general equilibrium models. Christos holds a B.S. in Economics and Minor in Mathematics from Arizona State University.

 


Cybersecurity and Military Strategy: The Effectiveness of Attribution as a Deterrence

Encina Hall (2nd floor)

Christos Makridis PhD Candidate Speaker Department of Management Science & Engineering, Stanford University
Seminars

 

American deterrence, though traditionally centered on the nuclear triad, is becoming ever more integrated and dependent on other technologies in space and the cyber world, Admiral Cecil D. Haney, commander of the U.S. Strategic Command, told a Stanford audience.

Haney, appointed to lead USSTRATCOM by President Barack Obama last year, made a daylong visit to Stanford on Tuesday, holding seminars and private meetings with faculty, scholars and students at the Hoover Institution and the Center for International Security and Cooperation. His seminar at CISAC focused on strategic deterrence in the 21st century.

Admiral Haney has made it USSTRATCOM’s goal, in accordance with the Nuclear Nonproliferation Treaty (NPT) and the 2010 START Treaty, to reduce America’s nuclear weapons stockpile. But he sees a world where maintaining a deterrent is still necessary.

“As we work to continue our nation’s goal of reducing the role of our nation’s nuclear weapons, we find other nations not only modernizing their strategic capabilities but also promoting them,” he said. Russia, Iran, and China attracted particular concern. Haney declined to estimate how much the U.S. can reduce its stockpile without hurting its deterrent posture.

While the nuclear triad is still the foundation of American deterrence, space and cyberspace technology are now fully integrated with nuclear platforms, making cyber and space security indispensable.

“Deterrence is more than just the triad,” said Haney. “We are highly dependent on space capabilities, more so than ever before. Space is fully integrated in our joint military operations as well as in our commercial and civil infrastructure. But space today is contested, congested, and competitive.” 

Haney said there are more than 20,000 softball-sized objects orbiting Earth.

 


 

“Only about 1,000 of those objects are satellites, the rest is debris, increasing threats to our operational satellites as they travel at speeds exceeding 17,000 mph,” he said. The Joint Space Operation Center receives an average of 30 collision alerts per day.

Damage to some of our satellites could have devastating impacts on our economy, communications and infrastructure. Rival nations also pose space security challenges.

According to the U.S. government, China recently tested an anti-satellite missile. This follows a 2007 test when China successfully destroyed one of its satellites, and consequently created a cloud of debris that still poses a threat to international satellites.

“Keeping assured access to the space domain is a full-time job,” Haney said.

Likewise cybersecurity. America’s increasing reliance on cyberspace for both military and civilian purposes has created security vulnerabilities that can be exploited by both state and non-state actors. Haney cited the recent attacks on J.P. Morgan and Sony, Russia and China’s attacks on regional rivals, and non-state terror groups.

“We have benefited enormously from advanced computer capabilities, but it has opened up threat access to our critical infrastructure,” Haney said. “As we confront terrorist groups we all know that they are not only using cyber for recruiting and messaging – but also to seek weapons of mass destruction.”

In a Q&A session after his talk during the CISAC seminar, a variety of concerns were raised about the USSTRATCOM mission, including triad modernization, the ongoing personnel issues that have been in the news, and missile defense.

FSI Senior Fellow Scott Sagan asked about the recent spate of personnel problems at U.S. nuclear silos. Haney said a full review of personnel and procedures, ordered by Defense Secretary Chuck Hagel, was completed and changes have been enacted.

“We are trying to positively reinforce our workforce and I am getting a lot of positive feedback from operators,” Haney said. “We are having monthly conversations that include operational officers. When I visit sites I don’t just meet with commanders, I have meals with smaller groups of lower-ranking personnel.”

Haney previously served as commander of the Pacific Fleet. A graduate of the U.S. Naval Academy, he has personal experience with America’s nuclear deterrent as he served in submarines armed with nuclear ballistic missiles, which, in addition to land-based intercontinental ballistic missiles (ICBMs) and strategic bombers, make up part of the United States’ nuclear triad.

USSTRATCOM is one of nine unified commands that have control of forces from all four branches of the U.S. military. The command’s well-known responsibility is command and control of America’s nuclear arsenal, a role it inherited from the Cold War-era Strategic Air Command. Since its establishment in 1992, USSTRATCOM has been assigned additional responsibilities, most notably cyberspace and outer space.

 

You can listen to the audio of his presentation here.

 

Joshua Alvarez was a CISAC Honors Student during the 2011-2012 academic year.

 


Stanford University today launched the Stanford Cyber Initiative to apply broad campus expertise to the diverse challenges and opportunities that cybersecurity, cyberspace and networked information pose to humanity.                                                      

Information security has an expanding and deepening role in virtually every facet of our personal, social, governmental and economic lives. Yet the Internet is decentralized and vulnerable to malicious use. How does society protect its core values in the face of the promise and perils of digital information? And, how does society adapt to changing technologies?

These are the type of questions that Stanford researchers will study, thanks to the jumpstart given by a $15 million grant from the William and Flora Hewlett Foundation. Stanford's initiative will be highly interdisciplinary in building a new policy framework for cyber issues. It will draw on the campus' experience with multidisciplinary, university-wide initiatives to focus on the core themes of trustworthiness, governance and the emergence of unexpected impacts of technological change over time.

"Our increasing reliance on technology, combined with the unpredictable vulnerabilities of networked information, pose future challenges for all of society," said Stanford President John Hennessy. "We share the Hewlett Foundation’s goal to seek a robust understanding of how new technologies affect us all at the most fundamental human levels. Stanford has a long history of fostering interdisciplinary collaborations to find thoughtful and enlightened answers to these paramount questions." 

Building on Stanford strengths

The Stanford Cyber Initiative will build upon the university's already extensive inquiry and research into Internet security. In doing so, Stanford has drawn on connections with industry and government by establishing, for example, a "cyber boot camp" for U.S. congressional staff (a Freeman Spogli Institute for International Studies/Hoover Institution collaboration), a conference on the "ethics of data in civil society" and an ongoing "security conundrum" speaker series on cyber issues.

The initiative will work with Stanford’s existing research hubs addressing cyber issues, including those in the Computer Security Lab in the Department of Computer Science, the Freeman Spogli Institute's Center for International Security and Cooperation, the Hoover Institution and the Law School's Center for Internet and Society. FSI's Center on Democracy, Development, and the Rule of Law will also play a key role in the initiative.

The initiative will launch immediately and develop faculty seminars and conferences, organize working groups of faculty and students to tackle policy-relevant problems in information security, and provide support for internal research awards, teaching and curriculum development. Collaborations with industry and government are a vital part of the initiative.

The Stanford Cyber Initiative includes roles for faculty and students across a wide swath of research disciplines – computer science, law, the social sciences, engineering, political science and education, among others. And it will also enlist Stanford alumni who are leaders in the policy and technology fields.

For those seeking to participate, information is available on the Stanford Cyber Initiative website.

A central hub

"We are deeply grateful to the Hewlett Foundation for recognizing Stanford's ongoing work and future potential in this area. With the help of their generous grant, this initiative will grow into a central presence on campus that more broadly comprehends the possibilities and perils of networked information," said Stanford law Professor George Triantis, who will chair the steering committee for the initiative.

The committee currently includes professors Jeremy Bailenson (communications), Stephen Barley (management science and engineering), Ian Morris (classics and history), John Mitchell (computer science and electrical engineering), Dan Boneh (computer science and electrical engineering), Amy Zegart (Hoover Institution and CISAC) and Barbara van Schewick (law).

Mariano-Florentino Cuéllar, the director of Stanford's Freeman Spogli Institute for International Studies and a Stanford law professor, is one of the founders of the initiative. 

"The Stanford initiative will create vast opportunities to advance knowledge about the future of cyberspace and cybersecurity," Cuéllar said. "Faculty and students will expand existing research efforts and conversations with the goal of building a safer, better world that balances humanity's concerns with the promise of new technologies."

Cuéllar noted that crucial areas of examination include how to resolve trust and security problems endemic to networked information technologies, how to govern the Internet in a world where people often disagree about what they value, and how to anticipate unexpected developments in information technologies that could affect national security, intellectual property, civil liberties and society.

Ann Arvin, Stanford's vice provost and dean of research, said, "Our scholars and students will examine pressing questions about how can we ensure security and protect privacy while continuing to foster an open, innovative and entrepreneurial culture and society. We want to better understand the short- and long-term consequences and implications of the pervasiveness of digital technology in our lives."

In exploring this conundrum, the initiative will encourage collaborative focus across disciplines on the challenges of trustworthiness – for example, can individuals trust that information technologies will deliver on their promise and also avoid the hazards of deliberately hostile or antisocial actions? 

A central goal is to create a policy framework that can generate lasting solutions not only to existing problems but also to problems that may emerge in the future.  

'Profound implications'

The new program is supported through the Hewlett Foundation's Cyber Initiative, which has now committed $65 million over the next five years to the study of cybersecurity, the largest amount given to date by a private donor to this topic.

"Choices we are making today about Internet governance and security have profound implications for the future," said Hewlett Foundation President Larry Kramer, a former dean of the Stanford Law School. "To make those choices well, it is imperative that they be made with some sense of what lies ahead and, still more important, of where we want to go."

The other universities receiving Hewlett grants of $15 million each – the Massachusetts Institute of Technology and the University of California, Berkeley – will take a complementary approach in setting up the new centers based on their particular strengths and expertise.

 


 

Journalist Barton Gellman had left his job at The Washington Post and was working on a book about surveillance and privacy in America when he was contacted last year by someone using the code-name VERAX, or “truth teller” in Latin.

So began one of the most dramatic chapters in the history of modern American journalism – and government surveillance. In the spring of 2013, Gellman began having remote, encrypted exchanges with someone who clearly had inside knowledge of the NSA's global and domestic surveillance programs. 

“He was trying to figure out whether he could trust me and ... I was trying to figure out if he was for real,” Gellman told a packed Stanford audience Monday night.

Last December, he traveled to Moscow to put a face to the code-name and determine whether the information he was providing was accurate.

“All extraordinary claims require extraordinary evidence – and he was providing that,” Gellman said of former NSA contractor Edward Snowden. “I was convinced fairly early on that I was dealing with something fairly serious.”

So Gellman went back to The Washington Post, where he had been on teams that won two Pulitzer Prizes for their coverage of the 9/11 terrorist attacks and the power and influence of Vice President Dick Cheney during the Bush administration.

“I went there because I trusted them and because I wanted their resources and their advice,” he told the audience of some 600 people at the CEMEX Auditorium on Monday. The Washington Post would go on to win the 2014 Pulitzer Prize for Public Service, shared with The Guardian US, for their reporting on the Snowden materials and the NSA.

Gellman today is a senior fellow at The Century Foundation and a visiting professional specialist and author-in-residence at Princeton’s Woodrow Wilson School of Public and International Affairs. He is the author of Angler: The Cheney Vice Presidency and is currently working on a book about the Snowden affair.

Snowden’s explosive disclosures about the National Security Agency’s intelligence-collection operations have ignited an intense debate about the appropriate balance between security and liberty in America.

In a special series this academic year at Stanford University, nationally prominent experts are exploring the critical issues raised by the NSA’s activities, including their impact on our security, privacy and civil liberties.

Amy Zegart, co-director of CISAC and a senior fellow at the Hoover Institution, launched the “Security Conundrum” series in October with its first speaker, Gen. Michael Hayden, the former director of the NSA and CIA who defended the government surveillance programs. The metadata collection “is something we would have never done on Sept. 9 or Sept. 10,” Hayden told Zegart during their conversation on Oct. 8. “But it seemed reasonable after Sept. 11. No one is doing this out of prurient interests. No – it was a logical response to the needs of the moment.”

Zegart, in introducing Gellman, said: “Tonight, we move from inside the NSA to inside the newsroom, which played a key role in revealing the NSA’s secret activities over the past year.”

All Photos by Rod Searcey


 

In the second lecture in the “Security Conundrum” series, Gellman was in conversation with Philip Taubman, former correspondent and Washington and Moscow bureau chief for The New York Times and a consulting professor with Stanford’s Center for International Security and Cooperation (CISAC). Taubman teaches the class Need to Know: The Tension Between a Free Press and National Security Decision Making.

Gellman recounted his dealings with Snowden and described how he and his editors weighed the Snowden materials. Few questions are more difficult for American journalists than determining how far a free press can venture in disclosing national security secrets without imperiling the nation’s security.

“I asked him very bluntly, `Why are you doing this?’” Gellman said of Snowden.

“He gave me very persuasive and consistent answers about his motives. Whatever you think of what he did or whether or not I should have published these stories, I would claim to you that all the evidence supports his claim that he had come across a dangerous accumulation of state power that we, the people, needed to know about.”

One of the first Snowden revelations, Gellman said, was the top-secret PRISM surveillance program, in which the NSA is allowed to tap into the servers of nine large U.S. Internet companies, including Google, Microsoft, Yahoo, Facebook and Skype. Snowden believed the extent of mass data collection about American citizens was far greater than what the public knew.

The Post reported that PRISM allows the U.S. intelligence community to gain access from the Silicon Valley firms to a wide range of digital information, including audio, video chats, photographs, emails and stored data that enable analysts to track foreign targets. The program does not require individual warrants, but instead operates under the broader authorization of the federal Foreign Intelligence Surveillance Act court.

 


 

The FISA Court had also been ordering a subsidiary of Verizon Communications to turn over to the NSA logs tracking all of its customers’ telephone calls.

Gellman said Snowden asked for a guarantee the Post would publish the full text of a PowerPoint presentation that he had obtained describing the PRISM program. Gellman told him that his editors would not make any guarantees about what they would publish and in the end the paper only reproduced several slides so as not to harm national security.

Taubman asked Gellman what gives any journalist the right to publish classified documents and not hand those papers back to the NSA.

“I’m not accountable to anyone for my decisions about what is in the interest or not in the interest of the national security of the United States,” Gellman said. “What happens is the government tries to keep information a secret and I try to find it out – and then when that spillage happens, well, then we talk.”

In the case of PRISM, he sent emails to two “quite senior people” in the government and told them this was the type of email he only sends once every several years, when he is onto a big story they would want to know about. But he didn’t want to do anything over email, so when the senior officials called, Gellman gave them the title of the document about which he was going to write.


That started the negotiations with the government and The Washington Post. In the end, the paper only published several of the government’s PowerPoint slides that explained the PRISM program because they were concerned about harming national security.

“We had no interest in doing that; we only had an interest in writing about the public policy question on a program that had secretly expanded in ways that almost no one knew about,” Gellman said. “To the extent that it involves drawing new boundaries allowing the government to spy on its citizens and the citizens never get to know that – that is quite relevant to know when you’re trying to decide whether you like what your government is doing.”

In a statement responding to the PRISM revelations by the Post, Director of National Intelligence James Clapper said information collection under the program “is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats.”

Clapper called the Snowden leaks about the legal program “reprehensible and risks important protections for the security of Americans.”

Gellman said Snowden has turned down million-dollar book and movie deals and lives in “ascetic” asylum in Russia. Snowden told NBC News earlier this year that he was on his way from Hong Kong to Latin America, via Moscow, when his passport was confiscated and that Russia then granted him a one-year asylum.

“He is fascinating to me because he’s an unusual figure,” Gellman told Taubman, who had asked him what Snowden was like. He said the 31-year-old former systems administrator for the CIA did something most Americans would not: He gave up his personal freedom and changed the course of his life to make public the government surveillance programs that he believes are a danger to the American people.

“He described himself to me once as an indoor cat,” Gellman said. “He lives in a virtual world; there’s not a whole lot of difference for Snowden whether he’s living in Moscow or Hawaii – he’s what I would call a net native. He has an ascetic personality; he doesn’t have or want very much stuff.”

Gellman added: “He is sort of Zen-like in his confidence that he has done the right thing.”

***

The Security Conundrum series is co-sponsored by CISAC, Hoover, and the Freeman Spogli Institute for International Studies, Stanford Continuing Studies, Stanford in Government and the Stanford Law School.

Other nationally prominent speakers will include Reggie Walton, the former presiding judge of the Foreign Intelligence Surveillance Court, and U.S. Sen. Dianne Feinstein, chairman of the Senate Select Committee on Intelligence.


 

National Security Agency Director Admiral Michael Rogers told a Stanford University audience during a rare visit to Silicon Valley that his greatest concern today is that the nation is not yet prepared to defend against a major cyber terrorist attack.

He said the growing rift among the signals intelligence agency, tech companies and civil liberties organizations over the shifting boundaries of privacy rights and secret surveillance is weakening the nation’s resolve.

“We have yet to be able to come to a broad policy and legal consensus about how we deal with some of the legal issues in cyber now,” said Rogers, who took over the leadership of the embattled intelligence agency in April.

The admiral, wearing military dress, spoke to some 300 Stanford students, faculty and tech executives in an event sponsored by the Center for International Security and Cooperation (CISAC) and the Hoover Institution.


 

His wide-ranging talk on Monday – in which he appealed to Stanford students to consider a career at the intelligence agency – came on the eve of a hearing by a federal appeals court investigating whether the NSA’s surveillance program violates the U.S. Constitution’s ban on unreasonable searches. The Justice Department argues that collecting phone data is of overriding importance to national security.

The NSA, whose mission is to prevent foreign adversaries from getting their hands on classified national security data, has come under fire since NSA contractor Edward Snowden disclosed last year the extent of the government’s electronic surveillance programs. The former CIA system administrator leaked documents to journalists that revealed global surveillance programs with the cooperation of some telecommunications companies and European governments.

One of those journalists was Barton Gellman of the Washington Post, who received dozens of top-secret documents from Snowden when he traveled to Moscow to meet him. Gellman, who shared the 2014 Pulitzer Prize for Public Service for his reporting on the Snowden materials and the NSA, will address a Stanford audience on Nov. 17th as part of the university’s “Security Conundrum” lecture series.

Rogers indicated that until a consensus is reached on government surveillance, the United States is vulnerable to attack.

“Is it going to take a crisis to wake us up and say, `Man, how did we get here?’” he asked. “I don’t want to be at the end of another 9/11 commission asking how we got here.”

Rogers said the government is backing a bill known as the Cybersecurity Information Sharing Act, which would allow tech firms and the U.S. government to share cyber threats captured through Internet data. The bill was introduced to the Senate in July but has not yet been voted on by the full Senate. Opponents of the bill say it would only give the NSA enhanced spying powers.

 

Photo by Rod Searcey

 

Rogers called the proposed legislation critical. “Without it, cyber becomes a huge cost for us as a nation.”

Rogers said he knows Americans’ trust in their government is dismal.

“We have a fairly limited faith in Washington and there is incredible frustration over the mechanisms of our government, whether it be the legal framework, the courts, the Congress,” he said. “It’s hard to achieve a political consensus when we’re losing faith in many of the mechanisms.”

And still, he called on Stanford students – namely the engineering and computer science majors who were in the audience – to come work for him. While acknowledging that the NSA could not match the salaries of Google, Yahoo and Facebook, he said they could do something worthwhile for their nation.

“If we’re going to make this about money – we don’t stand a chance,” Rogers said.

But, he added, “We’ll give you an opportunity to dedicate yourself to something that is bigger than you: service to the nation.”

Rogers said young recruits would be given great responsibility at an early stage in their careers. And, they’d get to play real-world spy games. “We’re going to give you the opportunity to do stuff you can’t legally do anywhere else,” he said.

Not all students in the audience were ready to sign up.


Thu-an Pham, a sophomore who has yet to declare her major, said after listening to the talk that she’s concerned that NSA surveillance is curbing innovation.

“I'm worried about the impact of surveillance on the culture of innovation,” she said. “Glenn Greenwald gave a recent TED Talk on the importance of privacy. He showed that people alter their behavior to conform to norms and expectations if they suspect they are under surveillance, which stifles individuality and free-thinking.”

Pham also said she’s concerned about the possibility of American officials “outsourcing illegal tasks to other governments.”

The National Journal reported last week that the NSA has given broad access to British intelligence to Americans’ telephone calls and Internet traffic, leading civil liberties activists to accuse the agency of trying to circumvent the Fourth Amendment.

Amy Zegart, CISAC’s co-director and a senior fellow at the Hoover Institution, moderated the one-hour talk and Q&A in Encina Hall.  

Zegart, an intelligence expert, noted tech firms are tightening encryption standards to prevent government spying on their customers.

Google and Yahoo are working on tools to encrypt their email systems and Apple and Google just announced their mobile operating systems would eventually be encrypted by default. Government officials have warned that the tech firms could be aiding criminals and terrorists with these tougher encryption standards; FBI Director James Comey suggested Silicon Valley build encryption with a backdoor for the U.S. government to spy on potential terrorists.

“Industry is very concerned about evidence of the NSA undermining encryption standards. If the NSA were to find a way through encryption standards, how do you weigh the right thing to do?” Zegart asked.

“Let there be no doubt that a fundamentally strong Internet is in the best interest of the nation,” Rogers replied. “When you find vulnerabilities, we are going to share them; the default mechanism is that we’re going to share the vulnerabilities.”

 


 

CISAC Affiliate Jennifer Granick, director of civil liberties at the Stanford Law School's Center for Internet and Society, asked Rogers to respond to disclosures by Snowden that the NSA secretly broke into communications on Yahoo and Google servers overseas.

“We do not use any foreign partners as a vehicle to overcome and bypass U.S. law,” Rogers replied. “When we partner with our Five Eyes teammates, we remind them that we have specific requirements that we must meet.”

The Five Eyes refers to an intelligence alliance of the United States, Canada, Great Britain, Australia and New Zealand to share signals intelligence.

Rogers conceded the Department of Defense no longer drives technical innovation, so the government will have to increasingly rely on the brainpower of Silicon Valley. He pledged to visit every six months and build partnerships with tech firms.

But he emphasized that national security could not be left to the technologists.

“It is unrealistic to expect the private sector to withstand the actions of nation-states,” Rogers said. “I think it is also unrealistic to expect the government to deal with this all by itself. We have got to create those partnerships that enable us to actually share information and insight in a real-time basis.”

Former CISAC Honors Student Joshua Alvarez contributed to this story.

 


Despite the enormous amount of attention that has been directed to software security in recent years, relatively little attention has been given to hardware security. More than ever, the devices that are critical to everyday life and to the broader infrastructure are dependent on increasingly sophisticated integrated circuits ("chips"). As the complexity of chips and the supply chains involved in procuring them continue to grow, so does the risk that malicious circuitry could be hidden within a chip during the design and manufacturing process. The circuitry could be triggered to launch an attack months or years later, with very significant consequences if carried out on a large scale.

This presentation will explain the increasingly global nature of the semiconductor industry and identify technology and policy steps that can be taken to minimize the likelihood of successful, large-scale, hardware-based cyberattack.

This event is by invitation only. All RSVPs should be sent to Russell Wald. There is a reception at 6:30PM, and the conversation begins promptly at 7:15.

The Capitol Visitor Center, HVC-215

First Street SE, Washington, DC


John Villasenor is on the faculty at UCLA, where he is a professor of electrical engineering, public policy, law, and management as well as the director of the Institute for Technology, Law and Policy. He is also a nonresident senior fellow at the Brookings Institution and a member of the Council on Foreign Relations.

Villasenor’s work considers the broader impacts of key technology trends, including the growth of artificial intelligence, advances in digital communications, and the increasing complexity of today’s networks and systems. He writes frequently on these topics and on their implications with respect to cybersecurity, privacy, law, and business.

He has published in the Atlantic, Billboard, the Chronicle of Higher Education, Fast Company, Forbes, the Los Angeles Times, the New York Times, Scientific American, Slate, the Washington Post, and in many academic journals. He has also provided congressional testimony on multiple occasions on topics including drones, privacy, and intellectual property law.

Before joining the faculty at UCLA, Villasenor was with the NASA Jet Propulsion Laboratory, where he developed methods of imaging the earth from space. He holds a BS from the University of Virginia and an MS and PhD from Stanford University.


The heated debate over the line between liberty and national security took center stage as Gen. Michael Hayden, former director of the National Security Agency and CIA, defended government surveillance programs at Stanford’s launch this week of “The Security Conundrum” speaker series.

If such surveillance methods were further restricted, “that smaller box, in my professional judgment, would make the job of the NSA harder and would probably make you less safe,” Hayden told a packed audience at the event co-sponsored in part by the university’s Freeman Spogli Institute for International Studies (FSI) and the Center for International Security and Cooperation (CISAC).

Hayden admitted to being “prickly” as he discussed privacy concerns over NSA’s collection and storage of phone and email metadata covering billions of calls and messages by American citizens. The surveillance programs, which were exposed last year by leaks from NSA contractor Edward Snowden, were only used after the Sept. 11 terrorist attacks, given “the totality of the circumstances,” Hayden explained.

Hayden was director of the NSA from 1999 to 2005. He then led the CIA from 2006 to 2009.

 

The metadata collection “is something we would have never done on Sept. 9 or Sept. 10. But it seemed reasonable after Sept. 11,” he said. “No one is doing this out of prurient interests. No, it was a logical response to the needs of the moment.”

Amy Zegart, CISAC’s co-director and a senior fellow at the Hoover Institution, led the conversation with the four-star general. She pointed out that a majority of Americans distrusts the NSA and believes the agency is lying.

Hayden stressed that the phone records were similar to billing statements – detailing who made the calls and when. “There is no content. It is not electronic surveillance. Not at all.”

 

CISAC Co-Director Amy Zegart leads a talk with former NSA and CIA Director Michael Hayden at the inaugural "Security Conundrum" speaker series on Oct. 8, 2014.

 

Though he understands why the operation is “theoretically frightening,” in reality, it’s designed to aid in the capture of terrorists within the United States, Hayden said.

“To listen to the content of the calls would violate the laws of the United States. It would violate the laws of physics,” he said. He challenged anyone to offer “concrete evidence” of harm stemming from the phone data collection.

In defining the right to privacy, Hayden cited his philosophy behind the balancing act between security and liberty.

“Privacy is the line we continually negotiate for ourselves as unique creatures of God and as social animals,” he said. “There are some things that the community has the right to know – and there are other things that they clearly do not have the right to know.”

The debate is over where that line is drawn, between “what is mine” and “what is owed the collective,” he said.

Hayden noted that the phone and email metadata collection programs are only a small part of the larger issues the nation faces as it deals with increasingly adept enemies and the surveillance abilities of other nations.

 

“I’m just simply saying – who knows more about you? One of the least of your worries is the government,” he said, half-jokingly. He noted that Google knows more about Americans than does the U.S. government, and the Silicon Valley company uses that data for commercial purposes.

Addressing how tech companies are becoming more reluctant to cooperate with government requests for email communication data, Hayden said he didn’t have an answer about how to address the relationship.

There is a call for transparency of what the government is doing, but Hayden said “translucency” might be the better option, so as to not reveal all that the U.S. does for foreign intelligence.

“This is an enterprise that’s based on absolute secrecy,” he said of the NSA.

“We have to give American people enough information to be at least tolerant, if not supportive, of what the American government is doing.”

But to achieve that, “it’s not transparency,” he said. “We actually have to be translucent … where you have the glass … and you get the broad patterns of movemen

The danger of not being able to target emails, Hayden said, would be that emails become a safe haven for enemies. “If we don’t do it, if you’re not going to let us do this stuff … over the long term, it puts your liberty at risk because bad stuff will happen.”

“The Security Conundrum” speaker series looks behind and beyond the headlines, examining the history and implementation of the NSA operations, the legal questions generated by them, the media’s role in revealing them, and the responsibility of Congress to oversee them.

Each guest speaker, in conversation with Stanford scholars, will probe the problems from different vantage points to explain the political, legal and technological contours of the NSA actions, as well as outline ways to preserve the nation’s security without sacrificing our freedoms.

On Nov. 17, journalist Barton Gellman will be the featured speaker. He is known for his Pulitzer Prize-winning reports on the 9/11 attacks and has led the Washington Post's coverage of the NSA. On April 10, Reggie Walton, the former presiding judge of the Foreign Intelligence Surveillance Court, will take the stage as the speaker.

Along with FSI and CISAC, the series is also co-sponsored by the Hoover Institution, Stanford Continuing Studies, Stanford in Government, and the Stanford Law School.


A new Stanford speaker series, "The Security Conundrum," explores how America can strike the right balance between security and liberty in a dangerous world. Nationally prominent speakers will engage in candid conversations on thought-provoking topics and issues. 

In an age of terrorism and technology, fundamental questions have arisen about how a democratic society like the United States can find the right balance between security and liberty.

That's the puzzle behind a new Stanford speaker series, "The Security Conundrum," which kicks off at 7:30 p.m. Oct. 8 with Gen. Michael Hayden, the former director of the National Security Agency and the CIA.

The event, "Inside the NSA," is free and open to the public. It will be held at the CEMEX Auditorium, 641 Knight Way on the Stanford campus.

As part of the speaker series during the academic year, other nationally prominent experts will visit Stanford, where they will dive deep into conversations with campus experts.

On Nov. 17, journalist Barton Gellman will be the featured speaker. He is known for his Pulitzer Prize-winning reports on the 9/11 attacks and has led the Washington Post's coverage of the NSA. On April 10, Reggie Walton, the former presiding judge of the Foreign Intelligence Surveillance Court, will take the stage as the speaker. Also, U.S. Sen. Dianne Feinstein has agreed to participate, though the date for her appearance has not yet been scheduled.

Hayden on the rise of NSA surveillance

In conversation with Stanford scholar Amy Zegart, Hayden will provide an insider's account about the origins and development of the NSA programs. After the 9/11 attacks, at the request of the White House, Hayden intensified and expanded NSA wiretapping operations of various communications between Americans and terrorist suspects abroad in hopes of detecting and preventing another terrorist attack.

Hayden was the first principal deputy director of national intelligence (2005-2006) and director of the National Security Agency (1999-2005). He is a retired U.S. Air Force four-star general and is now a principal of the Chertoff Group.

Zegart, co-director of Stanford's Center for International Security and Cooperation and a senior fellow at the Hoover Institution, said, "There is no better place to engage in this kind of multifaceted, open inquiry than a university."

She noted that there is "no better university" to explore such an issue than Stanford – with its home in Silicon Valley and faculty involved in national security issues. She described the institution as a "trusted convener on issues of national importance."

Zegart said that after the NSA's widespread efforts at mass surveillance were revealed last year, she and CISAC Consulting Professor Philip Taubman envisioned a campus conversation examining the relationship between secrecy, security and liberty in the digital age.

"These are thorny and complex questions with wide-ranging and often strongly held views," she added.

"The Security Conundrum" is co-sponsored by Stanford's Freeman Spogli Institute for International Studies, the Center for International Security and Cooperation, the Hoover Institution, Stanford Continuing Studies, Stanford in Government and Stanford Law School.

The NSA and Silicon Valley

Each talk, Zegart said, will focus on a different issue and include a different expert. The idea is to go beyond the headlines to examine in depth NSA operations, legal issues, the media's role and the responsibility of Congress in overseeing intelligence gathering. Another topic is NSA's uneasy and evolving relationship with Silicon Valley.

The U.S. government's initial efforts in data collection – involving some Silicon Valley companies – were executed without a court order and after being revealed by the New York Times were subsequently placed under judicial review.

Over time, the NSA's efforts grew into the multidimensional programs exposed by Edward Snowden, including the collection and storage of phone and email metadata covering billions of calls and messages between American citizens.

Zegart said, "We designed 'The Security Conundrum' to be a speaker series rather than a one-off event so that each session could provide a deeper dive into one perspective at a time. I hope that each speaker in the series gets people talking and thinking about perspectives they might not have considered before."

 


Two-dozen congressional staffers joined academic and Silicon Valley experts at Stanford’s inaugural cybersecurity boot camp to discuss ways to protect the government, the public and industry from cyber attacks, network crimes and breaches of personal privacy.

The staffers listened to presentations from 25 business and technology leaders, as well as experts in privacy, civil liberties and intelligence during the three-day boot camp. They also took part in a role-playing exercise dealing with a cyber crisis, posing as staffers from the White House, Homeland Security, the State and Defense departments, as well as private enterprise.

The idea behind the workshop was to give Capitol Hill staffers the knowledge and contacts that will help them better craft legislation and policies on cybersecurity.

“We’re 3,000 miles away from Washington and we’re at ground zero for the tech revolution,” said CISAC Co-Director Amy Zegart. She is also the Davies Family Senior Fellow at the Hoover Institution, which co-sponsored the boot camp that ran from Aug. 18-20.

“The boot camp is an important early step in what we envision to be a continuing, leading and lasting cyber program,” said Zegart, co-convener with Herbert Lin, chief scientist at the Computer Science and Telecommunications Board, National Research Council of the National Academies, who joins Stanford in January as a senior scholar for cyber research and policy at CISAC and research fellow at the Hoover Institution.

Zegart had three goals for the boot camp. One was to bring together computer and social scientists across campus and across the country “to broaden and deepen our cutting-edge scholarship.”

Then, from the networking that naturally took place, Zegart hopes to create a Track II cybersecurity council that will convene regularly with leaders from the U.S. government, scholars and key stakeholders from the private industry.

“And finally, we want enhanced education programs not only for students here at Stanford, but key stakeholders for cybersecurity policy,” she said.

The presentations were videotaped and will be packaged and used for educational purposes at Stanford and eventually be made public online.

 

 

Some of the staffers said the boot camp exceeded their expectations and they were grateful for the jam-packed, 72-hour crash course in all things cyber.

“What Stanford has done really successfully here is they brought together people from D.C. who wouldn’t necessarily talk to each other, from different committees, from different sides of the aisle,” said Jamil Jaffer, Republican chief counsel and senior advisor to the Senate Committee on Foreign Relations. “Then from the valley community they brought lawyers, educators and technologists – you name it – from across the spectrum in a way that I’ve never seen before.”

He said he hoped CISAC and the Hoover Institution, which co-sponsored the Stanford Congressional Cyber Boot Camp, would convene the next boot camp with the New York business community as well.

“I think there’s a real opportunity to build bridges between these three major cities; I think we need to have these conversations together,” he said.

Staffers also exchanged views about the wide gap between the government and Silicon Valley tech companies with regard to privacy when they met with senior security chiefs at Google during a visit to the nearby Google X campus.

And there were plenty of lively debates about Internet security vs. privacy and whether the government should step in to police public networks.

Benjamin Wittes of Brookings and Hoover faced off with Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society at the Law School.

“Liberty is a feature of security – and security is a feature of liberty,” Wittes said. “So the urge to think that any security measure is going to negatively impact your liberty, or conversely that anything that augments online liberty is going to have negative implications on security is a very easy, and I would say, very lazy instinct.”

Granick countered by saying most professionals in Silicon Valley do not trust the government to police the Internet without secret hacks. For example, documents leaked by former NSA contractor Edward Snowden indicated the National Security Agency tapped into fiber optic cables transmitting data for Yahoo and Google.

“Last night you heard Eric Schmidt say that the NSA had hacked Google,” she said, referring to a keynote dinner conversation between the Google chairman and former Secretary of State Condoleezza Rice, a professor at Stanford's Graduate School of Business and a senior fellow at Hoover and the Freeman Spogli Institute.

The NSA has denied hacking into Google and Yahoo.

“Everyone here in Silicon Valley agrees with what he says,” she said. “Don’t fool yourself that he’s just saying that because that’s just Google marketing. Everybody at Twitter believes it; everybody at Facebook believes it. I am embedded in the privacy world and we’re all worried about consumer privacy and what these companies are doing with this information – but that doesn’t mean we trust the government to protect us.”

Aside from the government trust debate, other big takeaways were that surprisingly little is secure on the Internet and the threat of cyber attacks against the United States is one of the biggest issues facing Washington policymakers today.

They heard a warning in stark and unambiguous language from Jane Holl Lute, president of the Council on CyberSecurity and a consulting professor at CISAC.

"It's no longer possible to ignore this issue," said Lute, who until last year was deputy secretary for the Department of Homeland Security, where she was responsible for the day-to-day management of the department's efforts to prevent terrorism and enhance security. "Life online is fundamentally unsafe.”

 

 

She emphasized that the Internet is about "the power to connect, not to protect" and stressed the importance of practicing "cyber hygiene" to reduce problems. This includes monitoring the hardware and software running on a network, limiting administrative permissions, and real-time patching and monitoring of system vulnerabilities.

If organizations would just follow these steps, she said, 80 to 90 percent of cyber attacks would be prevented.

"We know a lot, but we're just not doing it,” she said.

Lute emphasized that today's world has an "existential reliance" on the Internet – more than 3 billion people in the world, including 80 percent of North Americans, have access to the Internet. All of this dependence comes against the reality that many companies and sites do not carry out basic hygiene to protect their networks.

The U.S. Senate and House staffers attending the boot camp come from both political parties and work on the U.S. Senate Select Committee on Intelligence and the Homeland Security, Appropriations, Judiciary, Energy and Commerce committees. The group also includes staffers working with House Minority Leader Nancy Pelosi, D-Calif., U.S. Sen. John McCain, R-Ariz., and Ed Markey, D-Mass., among others.

Senior executives from Microsoft, Visa, Palantir, Palo Alto Networks and U.S. Venture Partners had a robust discussion about how their companies battle cyber crime and share network data.

Ellen Richey, global head of enterprise risk for Visa, talked about her frustration with the international organized crime rings that attack financial institutions and credit card companies.

“And they’re using that money to finance other types of illicit activities, such as human trafficking, drugs and terrorism, yet their governments don’t go after them, or if they do go after them, they are released due to corruption in the courts,” Richey said.

She said Visa believes that at the end of the day, it’s not possible to adopt measures that are going to adequately protect against the growing threat of cyber crimes.

“So we believe that the ultimate answer for us is to get vulnerable data out of their hands,” Richey said. “You’ve got to shrink the battlefield.”

Facebook CSO Joe Sullivan addresses the boot camp, Aug. 20, 2014.

And the staffers heard a plea by Joe Sullivan, chief security officer at Facebook, to join them in the valley’s quest for better network security.

“The pace that we work at here in Silicon Valley is amazing. It’s exciting and fun to be a part of – but it’s really scary, too,” said Sullivan, a former federal prosecutor devoted to high-tech crime. “There are challenges that we have to deal with every day and we have to have really large and nimble security teams that are thinking about the next big thing before it launches.

“The question is: are government agencies thinking about these issues? Far too often – that is not the case. Hopefully when you go back to Washington you think about how we engage companies, how we engage with government agencies, think about the roles that we all play.”

Sullivan talked about Facebook’s “white hat” program, in which the social network invites users to find security vulnerabilities and report them for a bounty.

He said they have spent $3 million in the last three years in payouts to users around the world, such as the young Palestinian man who was able to hack into Facebook CEO Mark Zuckerberg’s page to warn him of a security flaw.

“We’ve focused on encryption, we’ve hired a lot of people and we’ve looked at data center traffic and all those things,” Sullivan said. “But one of the areas where I think we’ve tried to be at the forefront is about talking about security in a more open way.”

Sullivan said he believes there’s a “disconnect” when one talks about security between the private and public sectors and consumers.

“I feel like when the government talks about security, they’re talking about surveillance,” Sullivan said. “I think when consumers talk about security, they’re talking about safety.”

Sullivan said the big tech companies – Facebook, Microsoft and Google – must take “full ownership” of network security, though he wishes that were not always the case.

“We honestly don’t count on any government agency anywhere in the world to make the people who use Facebook secure,” he said. “We realize we have to do it on our own. Is that a good thing or a bad thing? I would suggest it’s a bad thing. I think we’d all like more help in securing our services.”

For more details about the boot camp speakers and program, visit this website.

 

Stanford's Condoleezza Rice and Google's Eric Schmidt greet congressional staffers attending boot camp. ©Rod Searcey
