The White House Summit on Cybersecurity and Consumer Protection started with substantive conversation through two plenary panels – the first on public-private cooperation and the second on improving cybersecurity practices at organizations oriented towards the consumer.
The first panel, moderated by Secretary of Homeland Security Jeh Johnson, focused on the details of avenues for government collaboration with industry. The panel featured chief executives from utilities, financial services, cybersecurity and healthcare and compared private-sector perspectives across industries.
Johnson opened the panel by emphasizing the role of academia in this partnership.
“We are here at Stanford to talk about the all-important subject on the subject of public-private collaboration,” Johnson said. “The discussion is relevant and timely.”
“At DHS we are responsible for securing the civilian .gov world, as well as partnering with the private sector in mitigation of cyber attacks and information sharing,” he added.
Kenneth Chenault, CEO and Chairman of American Express, followed Johnson’s comments by talking about issues faced by the payment industry regarding information security.
“In the context of collaboration, I really think that information sharing may be the single highest impact, lowest cost and fastest way to implement capabilities,” he said.
He used the example of the Financial Services Information Sharing and Analysis Center, through which financial services organizations share information.
“We work very closely with local, state and federal government agencies to disseminate critical cyber-threat alerts,” Chenault said. “Much of this has to do with our close collaboration with government partners. We also work closely with government on our senior cyber council.”
Mark McLaughlin, CEO of Palo Alto Networks, also emphasized this fact and spoke about the importance of the horizontal security collaboration that occurs, even between competitors.
“We know that we can’t prevent everything, but we also knows that one of the most effective ways to increase prevention is to share information,” McLaughlin said.
Elizabeth Sherwood-Randall, Deputy Secretary of Energy, discussed the role of the government in this relationship. Sherwood-Randall, who spend four years at the Center for International Security and Cooperation (CISAC) going into the government, also talked fondly about her time at Stanford and discussed the role of Stanford and SLAC in cybersecurity research.
“I’m thrilled to be back on the farm with all of you,” Sherwood-Randall said.
“The DoE has a lot of national labs,” she added. “We do cutting-edge research on critical challenges. Over the last several years 80 percent of control systems vendors have been tested by government by DoE Idaho lab.”
Bernard Tyson, CEO of Kaiser Permanente, talked about his organization’s dual approach to the problem.
“This is clearly a major issue for all of us,” Tyson said. “Within KP we are a unique organization in the healthcare industry. We have two business models – a health plan and then also a comprehensive delivery system.”
Tyson also discussed different kinds of consumer information.
“Research has shown that patient information is much more sensitive than financial information,” Tyson said. “We spend a tremendous amount of time in our org doing as much as we can keeping bad people out.”
Like the others, Tyson emphasized the importance of government relationships with the private sector.
“Public-private partnership is a natural,” he said. “We want to secure information for the good of the people that are putting their trust in our respective organizations. Interest is high to be involved and engaged.”
On a more personal note, Sherwood-Randall encouraged students in the audience to participate in public service and used the example of her own son, who will be part of Stanford’s Class of 2019.
“We hope we’re going to inspire you to take careers that lead you to public service,” Sherwood-Randall said.
In the second panel, the discussion moved toward consumer protection and the roles of government and the private sector in creating solutions optimized for this goal. Chaired by Secretary of Commerce Penny Pritzker J.D. ’84 MBA ’84, the panel featured executives from technology firms, payments firms and think tanks.
“It’s clear that cyber risks continue to grow,” opened Pritzker. “That’s why Congress must pass info sharing and data breach legislation and update our criminal code without delay.”
Speaking to the students in the audience, Pritzker emphasized the role of the University in this effort.
“[We] need to fill in the 2000 open cybersecurity jobs in the United States today,” she said. “Our panel today is focused on the perspectives of leading American businesses.”
Renee James, CEO of Intel, talked about the importance of an established baseline for security and of collaboration with industries and among players in the same space.
“We have been working on improving the baseline of security in computing for about the last decade,” she said. “We are moving forward with initiatives like giving away free mobile security, putting in multifactor authentication in all new computers.”
“More than half of [the] computers in the world go out with the security turned off,” she added. “It’s measurably better in this next generation – telecom companites are doing a great thing in pushing security on devices.”
James and Ajay Banga, CEO of MasterCard, both talked about collaboration across industries. Banga emphasized the changes technology has caused in how businesses sell and customers buy products and services.
“There’s a consumer customer, a bank customer, the merchant, the telecom company – whether you paid with cash or with a card or a phone or biometric, what you want are safety and security in the transaction form,” Banga said.
The panelists also discussed the future of cybersecurity and the need to encourage new minds to enter the field.
“I want to inspire you – we have jobs for you,” James said to students in the audience. “Please stay in the computer science department.”
She emphasized the importance of education and the tone of dialogue in combating gender disparity in the technology field.
“We also know that young girls drop out in middle school for math and science,” James said. “We need to let them know that there are cool jobs!”
Pritzker added that students coming out of education should have the analytical skills to take on modern challenges and that there needs to be more dialogue and collaboration around evaluating the effectiveness of education.
“Do I have to be that A+ math student throughout high school and [have] taken college math at 16 to be eligible?” she asked.
Nuala O’Connor, CEO of the Center for Democracy & Technology, addressed the critical issue of maintaining consumer protection and rights. She talked about a paradigm shift from looking at user information as a commodity to thinking of it in terms of the digital self.
“This is about my individual space in the online world,” she said. “At the end of the day, this is my personal data. We should be protective.”
President Barack Obama agreed with this sentiment later on the summit, during his Presidential Address.
“We need to make sure we are protecting the privacy and liberties of the American people,” he emphasized.
Contact Nitish Kulkarni at nitishk2 ‘at’ stanford.edu.