By Victor Xu
Following President Obama’s remarks at the White House Summit on Cybersecurity and Consumer Protection, the afternoon portion of the Summit began with an introduction by George Triantis, Director of the Stanford Cyber Initiative.
The afternoon program elaborated upon the ideas and issues brought up during the morning session, including interdisciplinary approaches to cybersecurity, security initiatives in businesses and secure payment technologies.
“The threats of cybersecurity call for urgent attention and new strategies,” Triantis said. “Its vulnerabilities threaten catastrophic consequences.”
Maria Contreras-Sweet, administrator of the U.S. Small Business Administration, offered several remarks on cybersecurity in relation to small businesses. She said that small businesses face several of the same challenges as large businesses but without as many resources. For example, most small businesses do not have a fraud department. Contreras-Sweet cited potential partnerships with companies like Square to address this need for cybersecurity improvements in small businesses.
After Contreras-Sweet’s remarks, the Summit featured a final plenary panel on secure payment technologies, moderated by Deputy Secretary of the U.S. Department of the Treasury, Sarah Bloom Raskin. According to Raskin, cutting-edge technology is crucial to keeping electronic payments, financial settlements and data safe and reliable.
“[Criminals] can [attack] at any of these stages, at any of the different processing junctures,” she said. “The opportunities for mischief are myriad…When retail payments in particular are targeted, consumers can lose confidence in the safety of their payments. Entire transaction and business models can be imperiled.”
Richard Davis, chairman and CEO of U.S. Bank, spoke about cybersecurity breaches and his prioritization of tasks necessary to address the threat of breaches to payment systems. A supporter of tokenization, the substitution of a sensitive piece of data with a non-sensitive piece of data, Davis also advocated for highly-integrated Information Sharing and Analysis Centers (ISACs).
“ISACs provide us with instant information,” Davis said. “A nanosecond after one bank gets hit, US Bank knows it can get hit by the same thing.”
Charles Scharf, CEO of Visa, also discussed his company’s new tokenization strategies in obfuscating customers’ identifying information as it is sent to firms.
Dan Schulman, President and CEO of PayPal, discussed the company’s commitment to allowing customers to make payments without sharing any sensitive information. This is done through security measures like tokenization, multistep authentication, biometrics and, increasingly, risk and data analysis.
“The way people typically break through is not through the PayPal system,” he said. “Somewhere between 500 million and a billion identities were compromised last year. So people come into your system with real credentials. They’re your credentials, just stolen… We can then do sophisticated algorithms that can see if you’ve been compromised or not based on your behavior.”
CEO and President of QVC Mike George emphasized specialized training for ecommerce developers and cited the usefulness of the Obama Administration’s cybersecurity framework in managing security at his company.
“We’ve embraced the framework that the administration has championed, George said. “It’s very powerful in looking at the end-to-end risk profile for your company.”
Alexander Gourlay, president of Walgreens, spoke about Walgreens’ Chip and PIN payment system, which requires both a smart card with an embedded microchip and a PIN supplied by the customer.
“We’ve also worked with Apple Pay,” Gourlay said. “Transactions have gone up fourfold. We are really excited about that technology.”
Next, the program featured an informal discussion about startups that use cybersecurity innovations to differentiate their business from others.
“It’s no longer sensible to providers and security services as separate entities,” said John Holdren, Director of the White House Office of Science and Technology Policy. “They need to be integrated from the beginning. That’s truly the case with the cloud.”
Aaron Levi, CEO and co-founder of Box, discussed the importance of making security a part of the product that customers use.
“We’re no longer just an application provider that hands over software to the consumer and assume that they are going to keep their data secure,” he said.
The afternoon session concluded with some remarks from John Mitchell, professor of computer science and vice provost for online learning. Mitchell noted how the conversation on cybersecurity has evolved over the last two decades, from basic encryption and choosing good passwords to more complex ideas like tokenization and secure payment options.
He expressed gratitude to the White House and President Obama for deciding to host the Summit in the first place.
“He’s brought attention to important topics that have been close to our heart for many decades,” Mitchell said.
Contact Victor Xu at vxu ‘at’ stanford.edu.