Securing Our Digital Future
Peter Schwartz, Senior Vice President of Strategic Planning at Salesforce.com, drew three provocative scenarios involving the future of cybersecurity. He imagined the first, “conventional” possibility of continued status quo where “good guys” battle “the bad guys” who attack and exploit the Internet’s vulnerabilities. In the second, more grim scenario, he imagined a future where great conflicts and even war broke out over cyber attacks and cyber control. In the third, best-case scenario, technological breakthroughs and international collaboration enable the construction of an extra-secure “Internet 2.0,” which overlays the rest of cyberspace to protect sensitive transactions (such as those involving financial and private information).
Schwartz, who made these remarks at an ASNC event on October 7 examining the cybersecurity challenges facing the U.S., Asia, and the world, was joined by Frederick R. Chang, a former Director of Research at the U.S. National Security Agency and who now heads a cybersecurity program at Southern Methodist University; Matt Gardner, Senior Advisor to the Bay Area Council; Michael Nacht, the former Assistant Secretary of Defense for Global Strategic Affairs; and John Stewart, Cisco's Chief Security Officer.
Panelists agreed that cyber threats currently levies major costs approximating $500 billion annually worldwide ($100 billion in the U.S. alone). As Stewart emphasized, cybersecurity is an inherently political issue requiring political solutions that transcend mere technological tools. Nacht stated that the international community is in the infancy stages of trying to establish governance structures around cyber threats and cybersecurity. Thus, for example, the U.S. government has not yet formulated national security responses in cases of catastrophic cyber attacks. He further warned that cyber attacks will most likely comprise the first offensive weapon launched in any major conflicts in the future.
Gardner, too, iterated how “tech frontiers are always ahead of the policy frontiers.” Governments are groping to set regulatory standards, rules, and institutions that govern cyber conduct. Chang characterized cybersecurity as a “wicked” problem where solutions generate worse problems. The vulnerabilities of the Internet are long-standing because codes that were written decade or more ago in open source by volunteers underlie current software systems. Thus, they contain bugs and flaws that can be exploited by those who wish to attack these systems.
Despite such grim analyses, panelists suggested that the government and the private sector must cooperate with one another in order to generate viable and effective regulatory institutions. Information sharing between them, however, has always been fraught with mistrust and suspicion. Yet, in the case of cybersecurity, speakers agreed that such public-private cooperation is essential. They expressed optimism that incremental measures that secure cyberspace are and will continue to be generated both in the technological and political spheres. Though still in its infancy, cyberspace governance and security will continue to generate scaffolds of cybersecurity.