Widgets Magazine

The Dish Daily

Corporate security officers discuss technical ideas for the future

In a panel on Friday afternoon at the White House Summit on Cybersecurity and Consumer Protection, the Chief Security Officers of five Silicon Valley companies argued for user-safe technology and warned of the cybersecurity challenges faced by small and medium businesses.

Moderated by Amy Zegart, a senior fellow at the Hoover Institution and the co-director of CISAC, the discussion centered on technical ideas for a secure future.

 

Safety, not security

In a panel moderated by Amy Zegart (left), Facebook Chief Information Security Officer Joe Sullivan (right) and four others discussed technical security ideas. (CATALINA RAMIREZ-SAENZ/The Stanford Daily)

In a panel moderated by Amy Zegart (left), Facebook Chief Information Security Officer Joe Sullivan (right) and four others discussed technical security ideas. (CATALINA RAMIREZ-SAENZ/The Stanford Daily)

A guiding theme for the event was finding ways to motivate behavior that promotes cybersecurity, especially for consumers.

Scott Charney, Microsoft’s corporate vice president of trustworthy computing, advocated for technologies that prevent users from having to become security experts. For example, terms of service agreements have shown that users will click ‘OK’ on almost anything, so the burden placed on consumers should be minimized.

Yahoo Chief Information Security Officer Alex Stamos agreed that greater attention has to be paid to the user.

“We’re really good at building secure products, but that’s not the fight anymore,” Stamos said. “We need to build safe products.”

Melody Hildebrandt, Palantir’s global head of cybersecurity, argued that there isn’t enough information for consumers to make informed decisions. Cars have safety ratings and food has nutritional info, she noted, but Internet-facing products lack an analogue.

“Most consumers don’t know the questions to ask,” Hildebrandt said. Read more >>

White House Summit takes on balance between national security and digital privacy

Widening the flows of information between the private sector and the government was a central theme at today’s White House Summit on Cybersecurity and Consumer Protection. The topic was an issue of contentious debate both informally and formally through panels at the event.

Phyllis Schneck, Deputy Under Secretary for Cybersecurity and Communications at the Department of Homeland Security spoke to The Daily about some of the administration’s policy goals.

“First of all the reason we worry so much about info sharing is about connecting the dots,” she said.

Schneck talked about the importance of taking information from government and private sector resources and connecting the dots. She mentioned two interfaces, the NCIC (National Cybersecurity Communication Integration Center) and the CTIC (Cyber Threat Integration Center).

“The NCIC is the main interface for cybersecurity information sharing for the private sector,” Schneck said.

She also explained that the CTIC is a space for the intelligence community to work and combine information from multiple sources.

Not all of the attendees were as optimistic on information sharing, however. Nuala O’Connor, President and CEO of the Center for Democracy and Technology (CDT), addressed potential issues posed by this increased information flow.

“I am very concerned about sharing [information] with the government,” she said. “Once you’ve got data in the hands of any government agency, the chances that it will flow to other government agencies for other purposes is quite high.”

O’Connor explained that the CDT was calling for improved collaboration in the private sector to allow for better threat and risk analysis but was wary of the government connection.

“To have it end up permanently in the hands of the federal government in any wholesale manner is a huge civil liberties risk,” she added. “We need to be very leery of those kinds of solutions.”

One of the more concerning issues with large amounts of metadata, O’Connor explained, was the risk of metadata being de-anonymized. She cited Jonathan Mayer’s recently publicized research in the subject.

“Trend analysis, pattern analysis, that’s all good,” O’Connor said. “Your and my personal information about our transactions and our daily lives – that has a level of privacy associated with it that I think we really want to keep on the commercial side of the house.”

O’Connor also discussed the risks behind large amounts of metadata.

“When you look at it across different platforms, you can re-identify people; you can do trend analysis that could lead you to certain assumptions and judgments about people,” she said.

“I think metadata should be treated like data,” she concluded.

Apple CEO Tim Cook’s comments about the development of Apple Pay earlier in the day spoke to O’Connor’s point.

“Security was part of the reason we developed the technology for [Apple Pay],” he said. “It starts with the premise that your credit card purchases are personal to you, and they should stay that way. For every payment, we create a unique one-time code for that individual transaction.”

Schneck assuaged fears that increasing government interest in cybersecurity would dampen the burgeoning growth of network-enabled devices, the so-called “Internet of Things.”

“The innovators and the researchers are going to hold those reins [of control],” Schneck said. “I think you’re going to push the laws of physics even further, and you’re going to control how they are used. I think the role of government is to enable that.”

Schneck emphasized the fact that one of the Department of Homeland Security’s new missions is to be a front for cybersecurity information exchange.

Arthur W. Coviello, President of the RSA Division of EMC, expressed his issues with new government initiatives for information sharing. Coviello explained that policy should take the perspective that privacy should reinforce security instead of conflicting with it. RSA was acquired by EMC in 2006.

“Having an active debate on how we can secure the privacy and freedoms of us as individuals while still being able to determine who is trying to violate that privacy in the form of criminals and nation-states and hacktivists that would do us harm – that’s the issue that really needs to be discussed from a policy standpoint,” Coviello said.

Like O’Connor, Coviello emphasized the need for information flow but cautioned about open information flow to the government.

“The problem that we’ve had with the government in the past is a lack of transparency,” he said. “A big problem with the Snowden disclosures is that the National Security Agency was viewed to have not been transparent and going over the line in terms of the kind of data they were collecting.”

“I think that set the trust between private individuals and companies and the government a long way,” he added.

Scheck acknowledged the issue of maintaining a balance between data privacy and the protection of individuals but also emphasized that it is an important and current issue of policy debate.

“We want to be able to provide the most privacy we can for people’s data, and we also have to make sure that we can track bad guys,” she said. “I think the discussion is going to be very challenging.”

 

Advice and suggestions for students

The setting of the summit at Stanford encouraged attendees and panelists to emphasize the importance of cybersecurity issues to the current generation of students.

“[The] big scary advice people give is to be very aware of what is posted online in your profiles,” O’Connor told The Daily. “You will be seen by potential employers. My number one piece of advice is be wary of how you set your privacy settings and understand that what you have posted will be used to judge you.”

O’Connor expressed that there were some advantages to the surge of ephemeral communication technologies.

“We need better ephemeral systems and technologies – I can see some benefits from Snapchat,” she added, laughing.

Coviello expressed that students need to maintain caution while being online and discussed how the current generation of students live in an entirely new environment.

“You guys eat, drink, sleep, breathe technology,” he said.

“If anything I would caution you all to be careful about what kind of information you put out there and make sure you understand where it’s going and where you go wherever you are on the internet,” he concluded.

Schneck spoke to the importance of new minds entering into and learning about the field of cybersecurity.

“It is so important that we bring the best people into government,” she said. “I think [that in] the future you’ll find careers being a mix of the government and private sector, creating a hybrid of skills.”

Echoing remarks about the importance of education from President Obama and the morning session’s panelists, Schneck talked about nurturing technical skills.

“We need to start nurturing these skills from the high school level itself,” she said.

Schneck advised students to look at building technical understanding.

“It’s always helpful to understand how something works when you are deciding the policy around it,” Schneck said. “Even if you choose not to go into a purely technical field, the background will help you make better decisions.”

 

Contact Nitish Kulkarni at nitishk2 ‘at’ stanford.edu.

Victor Xu contributed to this article.

Payment technology changes discussed at cybersecurity summit

The afternoon session of the White House Summit on Cybersecurity and Consumer Protection discussed the more technical aspects behind cybersecurity policy.

Maria Contreras-Sweet, the administrator of the U.S. Small Business Administration, discussed imminent payment technology changes. (CATALINA RAMIREZ-SAENZ/The Stanford Daily)

Maria Contreras-Sweet, the administrator of the U.S. Small Business Administration, discussed imminent payment technology changes. (CATALINA RAMIREZ-SAENZ/The Stanford Daily)

Stanford Law School Professor George Triantis, chair of the Stanford Cybersecurity Initiative’s steering committee, opened by discussing the unique role and position that Stanford has to play in terms of cybersecurity.

“Stanford has been birthplace of many of the great tech advances in computing and network innovation,” Triantis said.

“Universities play a unique role through their research and their ability to work across issues,” he added. “The Stanford Cyber initiative embraces these goals of multidisciplinary research and engagement.”

Maria Contreras-Sweet, the administrator of the U.S. Small Business Administration, followed Triantis with remarks on the subject and the event.

Addressing the large crowd in the Graduate School of Business’ CEMEX Auditorium, she opened with a reference to the event’s date: Friday the 13th.

“You ever notice that when you wander off from the group, things don’t go very well?” she asked. “It’s a great lesson for cybersecurity.” Read more >>

President Obama addresses cybersecurity issues, signs executive order

President Obama signed an executive order Friday afternoon (KEVIN HSU/The Stanford Daily)

President Obama signed an executive order at the Summit on Friday afternoon. (KEVIN HSU/The Stanford Daily)

In the keynote address of the White House Summit on Cybersecurity and Consumer Protection, President Barack Obama called cybersecurity threats one of the most serious economic national security challenges the country faces today.

 

Hosting the Summit at Stanford

Highlighting some of the significant technological innovations that came from the University, Obama explained that the choice to host the Summit at Stanford was natural.

“When we had to decide where to have this summit, the decision was easy because so much of our information age began right here at Stanford,” Obama said.

“According to one study, if all the companies traced back to Stanford graduates formed their own nation, you’d be one of the largest economies in the world and have a pretty good football team as well,” he added.

The President even joked about his desire to attend Stanford University.

“I’ve got to admit, I kind of want to go here,” he said. “Everybody here is so friendly and smart, and it’s beautiful.  What’s there not to like?” Read more >>

White House Summit panels address public-private cooperation, consumer-oriented security

cyber_panel-1

(CATALINA RAMIREZ-SAENZ/The Stanford Daily)

The White House Summit on Cybersecurity and Consumer Protection started with substantive conversation through two plenary panels – the first on public-private cooperation and the second on improving cybersecurity practices at organizations oriented towards the consumer.

The first panel, moderated by Secretary of Homeland Security Jeh Johnson, focused on the details of avenues for government collaboration with industry. The panel featured chief executives from utilities, financial services, cybersecurity and healthcare and compared private-sector perspectives across industries.

Johnson opened the panel by emphasizing the role of academia in this partnership.

“We are here at Stanford to talk about the all-important subject on the subject of public-private collaboration,” Johnson said. “The discussion is relevant and timely.”

“At DHS we are responsible for securing the civilian .gov world, as well as partnering with the private sector in mitigation of cyber attacks and information sharing,” he added.

Kenneth Chenault, CEO and Chairman of American Express, followed Johnson’s comments by talking about issues faced by the payment industry regarding information security.

“In the context of collaboration, I really think that information sharing may be the single highest impact, lowest cost and fastest way to implement capabilities,” he said. Read more >>

Apple CEO Tim Cook offers remarks on cybersecurity, consumer protection

Apple CEO Tim Cook gave remarks before President Barack Obama’s speech today at the White House Summit on Cybersecurity and Consumer Protection. He focused on Apple’s role in ensuring consumer protection, and on trust associated with user information and data.

“Our hardware and software use encryption,” he said.  “We have a security and operations team monitoring our infrastructure 24/7.”

Apple CEO Tim Cook addressed the audience at the White House Summit on Cybersecurity and Consumer Protection (KEVIN HSU/The Stanford Daily)

Apple CEO Tim Cook addressed the audience at the White House Summit on Cybersecurity and Consumer Protection (KEVIN HSU/The Stanford Daily)

One point that Cook emphasized was the different view Apple takes with regards to data and users, attmempting to make a clear distinction between Apple and other technology companies.

“We have a model focused on selling products, not on selling your personal data,” he underlined. “When we ask you for data, it’s to provide you with better services, and you have a choice on how much information you share.”

He added that Apple set the industry’s highest standards and spoke about Apple Pay, discussing the importance of security and its integral role in the product’s development.

“Security was part of the reason we developed the technology for [Apple Pay],” he said. “It starts with the premise that your credit card purchases are personal to you, and they should stay that way. With Apple Pay, your credit card numbers are not stored on the device or the phone. Instead, for every payment, we create a unique one-time code for that individual transactions. They remain private between you, your merchant and the bank.”

He announced that starting September of this year , Apple Pay will be available for transactions with the federal government.

“[We are] working on initiatives to use this technology with [government] benefit programs,” he added.

“We can imagine a day in the not so distant future where your wallet becomes a remnant of the past, and your passport, driver’s license and other important docs can be digitally stored in a way that is safe, secure and easy to access.”

Cook closed by underlining the importance of collaboration and information sharing between government and the private sector.

“We’re commited to engaging productively with the White House and Congress and putting this into action. It’s important to realize we are all talking about the same people. Too many people do not feel free to practice their religion or express their opinion or love who they choose. A world in which that information can make the difference between life and death.”

The Hacker + Humanist: A conversation with Xfund’s Patrick Chung

A few days ago, I interviewed Patrick Chung, founding partner of Xfund (podcast below). Xfund is a relatively new VC fund  that raised its second fund of $100 million just a few months ago, and is partnered with the likes of NEA, Accel, Breyer Capital and Polaris Ventures. They invest in what they call the “hacker meet humanist” — that special mix of the critical thinker and coder. Prior to founding Xfund, Patrick started ZEFER, a website-building company for enterprises during the first dot-com boom, which later got acquired, and worked as a partner at NEA, making investments in companies like 23andMe, IFTTT, Pulse, Loopt and Xoom.

Over the span of 40 minutes, we had a great dialogue (podcast below), covering Xfund’s thesis, the scalability of venture capital and what he looks for in founders.

Xfund is focused on finding people who, beyond possessing technical gifts, have the analytical minds often found in the liberal arts.

For me, the best part of Patrick’s talk came about halfway through the podcast. Patrick noted that the barriers to entry for starting a company are now knocked down: He waxed poetic and called it a golden era for innovation. This doesn’t imply that there are only good startups — to believe so would be naïve. There will always be bad startups. However, now more than ever, it’s about how gritty the founders are and how much they hustle: It’s about people, not bits. And in such an environment, where ideas and perseverance rule supreme, I have to agree.

Talk to Will Kim at wkim1 ‘at’ stanford.edu.

NovoEd: Group project-based online education

NovoEd redefines the traditional video and quiz online education pedagogy by providing a social and community-based experience. The online social learning platform’s mission is to provide their online students with what Stanford students have access to on campus: high-quality smart people and the opportunity to work with them.

Read more >>