On March 21, Microsoft Vice President Scott Charney and Estonian Ambassador Marina Kaljurand attended a World Executive M.B.A. class at the George Washington University, in which selected students presented research papers they’d written after traveling to Estonia this January.
Afterward, Mr. Charney and Ms. Kaljurand participated in a public panel discussion titled “International Challenges and Opportunities: Law and Policy on Cybersecurity,” featuring Jason Healey of the Atlantic Council, James Lewis of the Center for Strategic and International Studies and Christopher Painter from the U.S. Department of State. The panel was cohosted by GW’s Law School.
GW’s World Executive M.B.A. in Cybersecurity program conducted its first international residency between Jan. 7 and Jan. 16, allowing 18 students to travel to Estonia’s capital, Tallinn. An itinerary developed by Frank Cilluffo, the director of GW’s Homeland Security Policy Institute, boasted a series of high-profile meetings with the chairmen of the Estonian Parliament’s cybersecurity and national defense committees, the Minister of Education, senior officials from the NATO Cooperative Cyber Defense Center of Excellence based in Tallinn and the country’s president, Toomas Ilves.
The visit was a crucial case study for students because of Estonia’s leading e-government measures and top digital intelligence strategies. First-year World Executive M.B.A. student Shaun Khalfan explained that the country’s investments in computer education have made it an ideal model for cybersecurity policies in other nations.
“They have first graders learning to code; they’ve focused on technical skills early,” he said, adding that after the country experienced Russian cyber attacks in 2007, they were able to scale technology-focused initiatives to their small population quickly.
Upon returning from the trip, Mr. Cilluffo asked students to draw from their conversations in Estonia and write research papers analyzing how NATO can enhance its cybersecurity mission. Students were also asked to recommend offensive and defensive measures NATO could take to protect against and respond to cyber attacks.
Mr. Khalfan and first-year World Executive M.B.A. students Jared Ross, Brian Fricke, Mathew Antony and Hillary Lewis wrote the top paper, “Recommendations for NATO: Offensive, Defensive and Deterrence Capabilities,” which was presented to Mr. Charney and Ms. Kaljurand during the class.
In the paper, the students recommended NATO leverage its Rapid Response Team to identify cyber attack incidents and work with the Computer Emergency Readiness Teams (CERTs) of countries to resolve conflicts.
Mr. Charney provided unique insight on the role of the private sector in international cyber conflicts using anecdotes from his career at Microsoft. Ms. Kaljurand spoke to the importance of diplomacy in minimizing cyber crimes between countries. Both guests responded to the student presentation, posing hypothetical questions on how to scale their recommendations and ensure cooperation among nations. At the end, Ms. Kaljurand asked for copies of the paper to send to the NATO Cooperative Cyber Defense Center of Excellence.
Mr. Khalfan said that while he was nervous about presenting to Mr. Charney and Ms. Kaljurand, their perspectives were invaluable.
“It’s a little bit daunting, but it’s exciting and a great opportunity to share our ideas, our perspectives and our research and use them as a sounding board to solicit [Mr. Chaney’s and Ms. Kaljurand’s] thoughts as we look at the next steps we need to take—not just as a country, but globally—in the cyber domain,” he said.
The panel discussion following the classroom session offered a diverse range of opinions on how to implement cyber policies from a political, legal, private sector and military perspective. The panelists agreed on the importance of defining cyber threats more clearly and reporting cyber crimes (such as identify theft), cyber espionage or cyber military attacks in specific terms. They also highlighted recent cyber conflicts and discussed the challenges of creating baseline cyber law standards both nationally and internationally.
Cyber incidents have steadily gained media attention, including a recent large-scale network attack in South Korea that shut down bank ATMs throughout the country. Mr. Cilluffo testified in Congress the day before the panel, discussing the magnitude and nature of cyber threats posed by Iran, Russia, North Korea and China—four nations with significant but varying cyber capabilities and intent, and the potential to generate significant adverse consequences for the United States and its critical infrastructures.
The classroom session and the panel brought the dialogue to GW’s campus, but more importantly, Mr. Cilluffo said, it allowed students to exchange thoughts with experts in a meaningful way.
“I think it spoke volumes when Ambassador Kaljurand asked for their PowerPoint briefing and paper so that she could send them along to the NATO Center of Excellence,” he said. “Now that’s impact—and the intent behind the program.”