GW Hosts First in Series of Major Conferences on Cybersecurity Policy

Michael Daniel, cybersecurity coordinator at the White House, and Sen. Saxby Chambliss, R-Ga., delivered keynote remarks.

April 29, 2013

Michael Daniel

Michael Daniel, the cybersecurity coordinator at the White House, delivers opening remarks at a cybersecurity conference on April 26 at GW.

A group of top cybersecurity experts, including high-ranking officials from the government and private sector, convened at the George Washington University on April 26 for the first of a series of conferences on cybersecurity, discussing the challenges in addressing cyber threats, the importance of public-private partnerships and the efforts, possibly including legislation, that seek to address what many consider an ever-increasing risk to national security.

The cybersecurity conference is co-sponsored by U.S. News & World Report and GW’s Cybersecurity Initiative, a university-wide effort launched last December and chaired by former U.S. Secretary of Homeland Security Michael Chertoff.

The initiative--which includes research centers and institutes along with graduate education and scholarship programs--is one of several the university has developed to address and effect change in a pressing national and international issue.

Michael Daniel, the cybersecurity coordinator at the White House who delivered opening remarks, said last week that he believes cyber threats are becoming more “sophisticated and dangerous.”

“I do believe there are some areas of concentrated risk we are trying to focus on,” he said, such as attacks to critical infrastructure, military and intellectual property espionage and efforts to constrain the Internet itself by certain countries’ regimes.

Because of the diffuse and serious nature of the threats, they cannot be tackled by any one agency or business--or even one country--alone, Mr. Daniel said. An effort that involves numerous government agencies, including those not typically seen as security or intelligence agencies, and collaboration with the private sector and international partners is crucial.

Sen. Saxby Chambliss, R-Ga., the vice chairman of the U.S. Senate Select Committee on Intelligence who also delivered remarks, largely agreed with Mr. Daniel, but emphasized the importance of a “real” public-private partnership--not a situation where the government tells industry what to do, he said.

For Congress’ part, Sen. Chambliss said legislation that gives companies full liability protection when sharing information--ensuring they don’t get wrapped up in lawsuits for their efforts to thwart cyber threats--is important. So, too, is giving government real-time access to information from the private sector.

Sen. Chambliss said he’s hopeful Congress can come together to pass a bill that will “work in practice, and is not just acceptable on paper.”

Both men also acknowledged the importance of protecting citizens’ privacy and civil liberties in any cybersecurity initiatives. Mr. Daniel added other efforts, such as the president’s executive order on cybersecurity and the development of some “best practices” in security, are also important.

Looking toward the future, Mr. Daniel said he’s worried cyber attackers could have the upper hand.

“We’re in Vegas and we’re playing against the house,” he said. “And ultimately the house wins. That is not a good place to be.”

But, Mr. Daniel added, with public and private collaboration, officials can “change the game we’re playing.”

After opening remarks, Frank Cilluffo, director of the Homeland Security Policy Institute, along with Mort Zuckerman, editor in chief of U.S. News & World Report, moderated a discussion with cyber experts from cybersecurity company Mandiant, Citigroup, the National Institute of Standards and Technology and the Department of Homeland Security, among others.

The panel discussed cybersecurity challenges, including increasing public awareness and efforts to deter cyber threats both domestically, through possible legislation, and abroad.

As Suzanne Spaulding, deputy under secretary for the National Protection and Programs Directorate of the Department of Homeland Security, noted, even CEOs need guidance in terms of which questions to ask of their organization in order to ensure cybersecurity. 

This high level of awareness is important given the nature of the wide threat spectrum. Shawn Henry, president of security startup CrowdStrike Services and former executive assistant director of the FBI, said, “Organized crime groups are just below nation states in terms of capabilities.”

Likewise, former director of the Defense Intelligence Agency and retired U.S. Army Lt. Gen. Ronald Burgess—who is now senior counsel for national security programs, cyber programs and military affairs at Auburn University—commented on the sheer scale of loss the country suffers from cyber attacks, estimating it amounts to up to $1 trillion a year.

Faced with a sophisticated and determined set of adversaries, Thomas Harrington, managing director and chief information security officer of Citigroup, said companies need to be able to move quickly and survive a bad day; shareholders expect companies to survive and maintain security.

GW Trustee J. Richard Knop, who chairs the initiative’s external advisory council, said in his introduction to the discussion that the Cybersecurity Initiative builds on GW’s policy research and unique programs and capabilities.

“The purpose is to engage academic, policy and industry leaders in thoughtful discussion and debate about the pressing cybersecurity issues and threats in the area of national and international security, economic competitiveness, technology and privacy,” Mr. Knop said.