Vinton Cerf, who helped develop the Internet while at Stanford in the 1970s, will deliver the 2014 Drell Lecture at Stanford on Jan. 22. Now the vice president and chief Internet evangelist at Google, Cerf will talk about safety and security in a transnational environment.
Vinton Cerf, a pioneering computer scientist who helped launch the Internet, will talk at Stanford University on Jan. 22 about security in our highly wired, globalized world.
Cerf's talk, "Safety and Security in a Transnational World," is the 2014 installment of the Drell Lecture, which is sponsored by Stanford's Center for International Security and Cooperation at the Freeman Spogli Institute for International Studies. The lecture is named for CISAC's co-founder, Sidney Drell.
The event will take place from 4:30 p.m. to 6 p.m. in the Oak Lounge on the second floor of Tressider Memorial Union. The event is free and open to the media and public; no RSVP is required.
Cerf, who earned a bachelor's degree in mathematics at Stanford University, worked in the Silicon Valley computer industry before serving as an assistant professor at Stanford from 1972 to1976. During that time, he helped co-design the fundamental architecture underlying the Internet. In 1997, President Bill Clinton presented the U.S. National Medal of Technology to Cerf and his colleague, Robert E. Kahn, for founding and developing the Internet. Since 2005, Cerf has worked as the vice president and chief Internet evangelist for Google.
Cerf's lecture will include moderated questions and will be live-streamed online at www.ustream.tv/channel/stanford-cisac. CISAC will also be live-tweeting during the event and you can follow the conversation at #VintCerfFSI.
Clifton B. Parker is a writer for the Stanford News Service.
CISAC Honors Student Mailyn Fidler has been awarded a Marshall Scholarship to continue her studies in international technology policy. She investigates security implications of the global trade in "zero-day" software exploits. Fidler has also worked as a consultant for Google Glass, autonomous vehicles and Internet access through atmospheric balloons, and was the co-founder and co-editor-in-chief of the Stanford Journal of Public Health.
Marshall Scholarships are named for former U.S. Secretary of State and U.S. Army General George Marshall, and are given to intellectually distinguished Americans to study in Britain.
About the Topic: The Internet in 2014 is a marvelous communication utility. It provides cheap and fast transfer of information to and from most places on or near the surface of Earth. It also regularly betrays that information to curious onlookers, commercial entities, criminals, and governments. We will explore the origins of the Internet, the workings of its core protocols, exploits which take advantage of those protocols, and feeble attempts to make those protocols secure. In sum, we will describe the devolution of the Internet from a peaceful commons to the jungle it is today.
About the Speaker: Tom Berson is a CISAC affiliate and the founder of Anagram Laboratories. He is a cryptographer who views cryptography broadly as the science and ethics of trust and betrayal. He has spent his career working both the defensive and the offensive sides of the information security battle and is attracted most strongly to security issues raised at the confluence of technology, business, and world events.
Tom is a student of Sun Tzu’s Art of War and its applicability to modern information conflict. He was the first person to be named a Fellow of the International Association for Cryptologic Research. His citation reads, “For visionary and essential service and for numerous valuable contributions to the technical, social, and commercial development of cryptology and security.” He was an editor of the Journal of Cryptology for fourteen years. He is a Past-Chair of the IEEE Technical Committee on Security and Privacy.
Tom earned a B.S. in physics from the State University of New York in 1967 and a Ph.D. in computer science from the University of London in 1977. He was a Visiting Fellow in Mathematics in the University of Cambridge, and is a life member of Clare Hall, Cambridge. Tom has been a member of several National Research Council committees: including the Committee on Computer Security in the Department of Energy, the Committee to Review DoD C4I Plans and Programs, and the Committee on Offensive Information Warfare.
CISAC Conference Room
Tom Berson
CISAC Affiliate; Founder, Anagram Laboratories
Speaker
Calling cybercrimes “the threat of the future,” former FBI Director Robert Mueller said federal investigators and businesses need to share information collected online in order to find and thwart hackers trying to disrupt Web-based networks.
“The intelligence that can be and is being collected by the private sector has to be made available in some way, shape or form to the federal government,” Mueller said. “And that which we pick up has to be made available to the private sector. If we do not get that kind of collaboration, we will replicate what we had before 9/11 when we had stovepipes and inadequate ways of sharing information.”
Mueller – who took over the FBI a week before the Sept. 11 terrorist attacks and left the job two months ago – made his comments Friday while delivering the Payne lecture at Stanford.
“Terrorism remains today our primary threat,” Mueller said. “But tomorrow, it will probably be cyber and its various iterations.”
He said cybercrimes present a new challenge to law enforcement agencies because perpetrators are often anonymous and their motives are not always clear.
A hacker could be associated with a terrorist organization, an activist group or “an 18-year-old in his garage here in Silicon Valley who has the talent and capability and wants to make a point.”
And if the bad guy can’t be easily fingered, it’s difficult to know who should investigate the crime – the FBI, CIA, NSA or another agency. In order to pool federal resources, Mueller said a task force composed of 18 agencies works to examine cyber threats.
But their efforts to safeguard online financial, government, corporate and educational systems will go only so far without the expertise, knowledge and information gathered by Internet service providers.
“It is going to be the relationships with the private sector that are going to be absolutely critical to any success we can have in addressing cyber attacks,” he said.
Mueller’s lecture capped his weeklong visit at Stanford. He was invited by the Freeman Spogli Institute for International Studies and Stanford Law School to spend the academic year as a consulting professor and as the Payne Distinguished Lecturer.
The Payne Lectureship is named for Frank E. Payne and Arthur W. Payne, brothers who gained an appreciation for global problems through their international business operations. The position is given to someone with an international reputation as a leader, with an emphasis on visionary thinking; a broad, practical grasp of a given field; and the capacity to clearly articulate an important perspective on the global community and its challenges.
“His career embodies what I take to be the ethos of this university –practical yet principled; sensitive to complexity but also to the value of clarity and focus,” Cuéllar said.
Mueller will make several visits to Stanford during the year, spending his time working with FSI and law school scholars to develop research agendas on emerging issues in international security. He will hold graduate seminars and deliver a major lecture at the law school and work with students and fellows at the Haas Center, the law school and the Graduate School of Business. He will also mentor honors students at FSI’s Center for International Security and Cooperation and Center on Democracy, Development, and the Rule of Law.
As the FBI’s longest-serving director after J. Edgar Hoover, Mueller presided over some of the most drastic changes in the agency’s history.
The Sept. 11 attacks forced the FBI to change its priorities, placing the hunt for global terrorists at the top if its list. The counterterrorism and counterintelligence missions meant hiring more analysts and replacing the FBI’s more traditional targeting of mobsters, murderers and white-collar criminals.
Recalling his first briefing to George W. Bush after the terrorist attacks, Mueller said he began by telling the president what his agents were doing to investigate. He had been on the job for about a week, and started giving a rundown of command centers that were set up, evidence that was being collected and interviews being conducted.
“I’m about two or three minutes into it and President Bush stops me and says, `Bob, that’s all well and good,’” Mueller said. “That’s what the FBI has been doing for the hundred years of its existence. My question to you is: What is FBI doing to prevent the next terrorist attack?”
The question stumped the new director.
“I had not prepared for that question,” he said.
And it’s a question he answered continuously during the Bush and Obama administrations, and one that led to his reorganization of the FBI.
“Over those 12 years, the question has not changed,” Mueller said. “The question from both of the presidents to the FBI, to the CIA, to the community when it comes to counterterrorism is: What have you done to prevent the next terrorist attack?”
CISAC affiliate John Villasenor argues in this Brookings paper that the country's defense electronics supply chain is almost completely unprotected against a threat that may turn out to be more significant in the long term: Chips could be intentionally compromised during the design process, before they are even manufactured.
The paper aims to help frame the discussion regarding how best to respond to this important and underappreciated aspect of cybsercurity.
Robert Mueller became director of the FBI one week before 9/11 and spent the next 12 years adding global terrorists to the agency’s most-wanted list of gangsters, kidnappers and bank robbers – and aggressively hunting them down.
Now, two months after leaving the job that allowed him to transform the FBI and focus its agents more on counterterrorism and emerging threats like cyber crimes, Mueller will work closely with Stanford scholars to better understand the challenges and issues surrounding international security and online networks.
At the invitation of the Freeman Spogli Institute for International Studies and Stanford Law School, Mueller will spend the current academic year as a consulting professor and the Arthur and Frank Payne Distinguished Lecturer.
He will also visit the Haas Center for Public Service and meet with students to discuss leadership and service around cybersecurity, and work through FSI to train and mentor undergraduate students.
"I look forward to working with the students and faculty of Stanford to address critical issues of the day, including counterterrorism, cybersecurity and shepherding institutions through transition,” Mueller said. “Having worked on these issues as FBI director over the last several years, I hope to pass on the lessons I have learned to those who will be our leaders of tomorrow. For my part, I hope to gain fresh insight and new thoughts and ideas for the challenges our country continues to face."
Mueller will make several visits to Stanford, spending about 30 days on campus during the academic year. His first visit comes next week, and will be marked by his delivery of the Payne lecture on Nov. 15. The public talk will focus on the FBI’s role in safeguarding national security. It will be held at 4:30 p.m. at the Koret-Taube Conference Center in the John A. and Cynthia Fry Gunn Building.
“Bob Mueller is an extraordinary public servant who will bring an enormously important perspective to some of the most complex security issues in the world,” said FSI Director Mariano-Florentino Cuéllar. “We’re excited that he can help shape our research agenda on cybersecurity and other security issues.”
Mueller will spend the year working with FSI and Stanford Law School scholars to develop research agendas on emerging issues in international security. He will hold graduate seminars and deliver a major lecture at the law school and work with students and fellows at the Haas Center, the law school and the Graduate School of Business. He will also mentor honors students at FSI’s Center for International Security and Cooperation and Center on Democracy, Development, and the Rule of Law.
"Robert Mueller has been a federal prosecutor and the nation’s leading law enforcement official during very difficult times. We are thrilled he will be interacting with our students and faculty because he has much to teach us,” said M. Elizabeth Magill, dean of the law school. "His unique perspective on the intersection of law and international security will be tremendously beneficial to our community. We are delighted to welcome Director Mueller back to Stanford Law School."
As the FBI’s chief, Mueller created a dedicated cybersecurity squad in each of its field offices and dedicated about 1,000 agents and analysts to fight Web-based crimes. At Stanford, he will bring together academics and practitioners with an eye toward creating an unofficial diplomacy dialogue.
“Should a terrorist utilize cyber capabilities to undertake an attack, it could be devastating,” he said just before leaving the FBI in September. “We have to be prepared.”
Mueller received a bachelor’s from Princeton in 1966 and a master’s in international relations from New York University a year later. He fought in Vietnam as a Marine, leading a rifle platoon and earning the Bronze Star and Purple Heart. After leaving the military, Mueller enrolled at the University of Virginia Law School and received his law degree in 1973.
He began his law career as a litigator in San Francisco, and in 1976 began a 12-year career serving in United States Attorney’s offices in San Francisco and Boston focusing on financial fraud, terrorist and public corruption cases. He worked for two law firms before returning to the U.S. Attorney’s office in Washington, D.C., where he was a senior homicide investigator.
He was named U.S. Attorney in San Francisco in 1998, and held that job until President George W. Bush tapped him to lead the FBI. His first day on the job was Sept. 4, 2001.
“When I first came on board, I thought I had a fair idea of what to expect,” Mueller said during his farewell ceremony at the FBI ‘s headquarters in Washington “But the September 11 attacks altered every expectation.”
About the Topic: The cyber security landscape has seen dramatic changes in recent years with the advent and evolution of new, growing, and ever-present adversaries. As targeted attacks and advanced adversaries continue to evolve and become increasingly sophisticated, it becomes difficult to keep pace and stay protected. Existing security technologies are incapable of identifying determined adversaries and protecting your intellectual property. Enterprises must combat these threats with targeted attack detection, prevention, and monitoring. By leveraging big data technologies and security intelligence, companies can proactively respond to advanced threats while also gaining the ability to hunt, query, and gain insight into all activity across the enterprise.
About the Speaker: Serial entrepreneur George Kurtz co-founded CrowdStrike, a cutting-edge, big data, security technology company focused on helping enterprises and governments protect their most sensitive intellectual property and national security information. Kurtz is an internationally recognized security expert, author, entrepreneur, and speaker. He has more than 20 years of experience in the security space, including extensive experience driving revenue growth and scaling small and large organizations. His entrepreneurial background and ability to commercialize nascent technologies has enabled him to drive innovation throughout his career by identifying market trends and correlating them with customer feedback, resulting in rapid growth for the businesses he has run.
His prior roles at McAfee, a $3-billion security company, include Worldwide Chief Technology Ocer and GM, as well as SVP of Enterprise. Prior to joining McAfee, Kurtz started Foundstone in October 1999 as the founder and CEO responsible for recruiting the other six founding team members. Foundstone, a world wide security products and services company, had one of the leading incident response practices in the industry, and was acquired by McAFee in October of 2004. He also authored the best-selling security book of all time, Hacking Exposed: Network Security Secrets & Solutions.
CISAC Conference Room
George Kurtz
President/CEO & Co-Founder, CrowdStrike
Speaker
ABOUT THE TOPIC: In his talk, Jack Goldsmith will explain why he is skeptical about significant cybersecurity cooperation among military rivals, especially at the treaty level. He will, however, argue that the Snowden revelations make such cooperation more, not less, likely.
ABOUT THE SPEAKER: Jack Goldsmith is Henry L. Shattuck Professor of Law at Harvard University, where he specializes in national security law, international law, internet law, and presidential power. Goldsmith is the author of five books and numerous articles covering these topics. His recent books include: Power and Constraint: The Accountable Presidency After 9/11 (W.W. Norton, 2012); The Terror Presidency: Law and Judgment Inside the Bush Administration (W.W. Norton, 2007); Who Controls the Internet? Illusions of a Borderless World (Oxford Press, 2006, with Tim Wu); and The Limits of International Law (Oxford Press, 2005, with Eric Posner). Prior to his time at Harvard, Goldsmith was Assistant Attorney General in the Office of Legal Counsel from October 2003 to July 2004 and Special Counsel to the General Counsel to the Department of Defense from September 2002 through June 2003.
CISAC Conference Room
Jack Goldsmith
Henry L. Shattuck Professor of Law, Harvard Law School
Speaker
Jonathan Mayer
Cybersecurity Fellow, CISAC
Commentator
CISAC Co-Director Amy Zegart and nine other national security and intelligence scholars were recently invited to the headquarters of the National Security Agency in Fort Meade, Md., for unprecedented talks with high-ranking officials. They discussed cybersecurity, the plummeting public trust in the agency, its relationship with Congress and how to rebuild the agency’s reputation and rethink its program operations.
The academics were first taken to the black granite wall carved with the names of 171 military and civilian cryptologists who have died in service. “I think they wanted us to know that this is an organization of people, not some robots trolling through your emails,” said Zegart, author of the book, “Spying Blind,” which examines why U.S. intelligence agencies failed to adapt to the terrorist threat before the 9/11 attacks.
The scholars were then taken to a windowless conference room for several hours of what Zegart called remarkably frank and free-ranging talks about the agency and its tactics.
The NSA is one of the world’s most secret intelligence gathering organizations. Its methods have come under intense scrutiny with a series of damaging leaks about its operations. Former NSA contractor Edward Snowden and national intelligence reporters have revealed tactics that have left many Americans cold and questioning the legality and necessity of the agency’s methods. From monitoring emails and phone calls, to secretly cracking encryption codes that protect personal email as well as financial and medical records and Internet chats – the revelations just keep coming. Civil liberty organizations and Internet privacy advocates here at Stanford are outraged, while some foreign governments are accusing Washington of Big Brother tactics run amok.
Zegart answers questions about those perceptions and her Sept. 23 briefing at NSA headquarters.
Are the accusations that the NSA is Big Brother squared fair?
Image
If you look at the reporting on the NSA so far, there is zero evidence of a widespread, deliberate and nefarious plan by the agency to violate the law and spy on American citizens. This is a policy debate, not a scandal. There’s no question in my mind that the NSA has interpreted its legal authority to the maximum extent of the law possible. They’ve taken what Congress has granted them and they have pushed to the edge – but that’s a very big difference from running amok.
How did this unprecedented meeting come about and why do you think the senior NSA officials – who asked not to be identified – called on social scientists?
In our group, the last time someone went to the NSA was in 1975, which tells you how rare it is for them to invite academics in. The was a sense at senior levels that they need to think more systematically and long-term about education, about being more open to academics coming in and doing research about the NSA and hearing what academics have to say. In part, thought-leaders at universities can play a role in transmitting some of the complexities in which the NSA operates – the tradeoffs the agency is confronting and the constrains under which they are operating.
The other academics invited to the NSA on Monday were William Inboden of the University of Texas, Austin; Michael Desch of Nortre Dame University; Jeffrey Engel and Joshua Rovner of Southern Methodist University; Thomas Mahnken of the U.S. Naval War College; Richard Betts of Columbia University; Benjamin Wittes of The Brookings Institution; Kori Schake of Stanford University; and Robert Chesney of the University of Texas, Austin.
One thing this meeting highlighted for me is that the NSA is not free to respond to the criticism it gets in the press. It’s intertwined with other organizations that have a say in how it responds: the Office of the Director of National Intelligence, the FBI, the Justice Department and the White House. And they have never had to deal with the spotlight before. They gave me this statistic: Last summer, there were 167 legitimate questions from the press; in the summer of 2013 there were 1,900 media requests. That’s a tenfold increase. This is a whole new world for this agency. And to go against secrecy is just totally counter to their culture. This was a bold step for them to have us come in.
Did the NSA officials talk about whether they had broken any laws?
They definitely wanted us to believe that what they are doing is lawful and effective. I believe the lawful part; I’m not so sure about the effective part. I think they haven’t looked hard enough about what effective means. Do they know it when they see it? And who’s to judge?
They were quick to point out that they’re under extensive oversight both by Congress and the Foreign Intelligence Surveillance Act (FISA) court. The question is whether Americans are comfortable with the lines that have been drawn by their own government and if they’re comfortable with the lack of transparency. The NSA is really bad at letting us know what the gains are (from surveillance) and they’ve struggled with how to deal with the public reaction to the Snowden revelations.
This is an intelligence agency and they’re supposed to be stealing information from other governments; that’s what we pay them to do and other governments would use those capabilities in an instant if they had them. That has gotten lost in the debate. When I talk to my parents and friends, they think that the NSA is listening in on their phone calls. That’s just not true. They’re examining phone logs: who called whom and for how long. No one is listening to your conversation with grandma.
The fundamental problem is that the NSA is highly regulated – but nobody trusts the regulatory framework."
Did you discuss former NSA contractor Edward Snowden?
Extensively. It’s the biggest breach in the agency’s history. They’ve been in crisis mode since June. They’ve been putting our fires every day and the arsonist is still out there. NSA officials told us that they know 125 documents have been compromised; they believe Snowden probably has already passed to the press another 50,000 documents and that the entire tranche that he may have taken is bigger than that. But there’s a question about whether that tranche is accessible, that Snowden may have done things to make some of his data hard to read.
They said Snowden didn’t just download documents he himself had access to. He used social engineering, convincing someone else to give him access to additional information to breach security protocols. Meanwhile, Snowden had plenty of avenues for whistleblowing, including five inspectors-general and the members of the congressional intelligence committees, but he availed himself of none.
Have Snowden’s actions endangered national security or international relations?
The standard lines about “irreparable harm” are not convincing to many people because they are so vague, we’ve heard them so often, and the government classifies boatloads of information that shouldn’t be secret. But NSA officials got a little more specific. They said Snowden has hurt national security in three ways: The first is that he revealed government surveillance capabilities. Second, he’s revealed politically embarrassing things that are harming relations with our allies – and they believe there is more to come. (Brazilian President Dilma Rousseff postponed a state visit to Washington, for example, following the release of evidence that the U.S. spied on Brazilian politicians and business leaders.) They said Snowden has a pattern of releasing embarrassing information around big international meetings, such as the G20 summit. The third damaging impact is that Snowden has hurt the NSA’s ability to produce intelligence.
What are some of the challenges and solutions moving forward?
Intelligence is a political loser and so you see a lot of members of Congress who says they are shocked – shocked! – to find out what the NSA is doing when they had full opportunity to be briefed on these programs for a long time. So they’re making political hay out of NSA’s difficulties. Most members of Congress have zero incentive to actually learn anything about the complexities of intelligence because the voters don’t hear about it and they don’t reward them for it.
The near-term challenge is to stop Congress from doing something stupid, such as the wholesale cancelling of NSA programs and capabilities. The medium-term challenge is to figure out what sensible options there are to restoring the public trust and make the NSA more transparent and more targeted in its collection approach. When NSA chief Keith Alexander steps down, we are going to see all of these issues come to a head in a very public way with the confirmation of the next director.
The longer-term challenge is creating better mechanisms to assess whether NSA should do things just because it can technically – to weigh the wisdom and efficacy of programs, not just their legality. The NSA also needs a sustainable education campaign so that when things break in the news, legislators and constituents have an understanding of what this agency does and can put these revelations into perspective.
They definitely wanted us to believe that what they're doing is lawful and effective; I believe the lawful part, I'm just not so sure about the effective part."
What are the strengths of the NSA that the public doesn’t get to see?
The NSA is the organization that’s responsible for information assurance, like if you’re in government on a secure phone line. And most people don’t know the NSA wrote the codes to protect our nuclear arsenal from day one. So the NSA has two, often conflicting missions. One is signals intelligence, which is offense, and the other is the information assurance that is defense. In an era of cyber vulnerabilities, information assurance is huge. They feel like they were doing what they were authorized to do and serving the mission and that they are being characterized as evil for doing what they think is right.
What were your biggest takeaways from this meeting?
I would say one of the things that I did walk away from the meeting hearing – and I think that perhaps this is the big policy question – is that the NSA orientation is to collect now, ask questions later. So the question is: Is that the right operating philosophy; are we comfortable as a democratic society with that collect-now-ask-later approach?
