April 27, 2015 – The International Conference on Cyber Engagement that takes place at Georgetown today is part of the university’s effort to convene experts on global challenges.
In this case, the subject is cybersecurity threats.
The conference, attended by nearly 700 people, includes a keynote speech by Michael Daniel, the White House’s cybersecurity coordinator, and dozens of policymakers, academics, technical experts and key industry stakeholders from all over the world.
Sponsored by the university’s Master of Science in Foreign Service (MSFS) program, the annual event, now in its fifth year, promotes dialogue among participants and explores the worldwide community’s increasing interconnectivity.
Catherine Lotrionte (G’99, G’08), director of Georgetown’s Cyber Project, is an international lawyer and visiting assistant professor of government and foreign service at the university. She previously served as counsel to the President's Foreign Intelligence Advisory Board at the White House and has been part of the intelligence community for nearly 20 years.
We asked her a few questions about the conference:
Q. What’s significant about this conference?
Most of the conferences on cybersecurity and the challenges are either technical conferences or policy conferences that don’t incorporate the technical aspects and they’re typically focused on U.S. perspective only. Our conference is truly international. We have people from Interpol and Europol coming here as well as representatives from nearly 40 different countries. Clearly the Internet is global, so these challenges are global and the solutions are going to have to be global. We have people from different countries with a wide variety expertise sharing the challenges they’re facing as nations and as citizens. Hopefully one day we will get to the point where some of this bridge building turns into solutions for the United States and the rest of the world.
Q. How well are we fighting cyber threats right now?
We’ve made progress in the last couple of decades as we’ve focused a lot on the defensive aspect. That’s the good news. The bad news is that we’re still not at a place in terms of both the development of technology and effective government policy and laws and regulations. And we’re still not at a point where we’re effectively securing our networks and our personal data and sensitive information.
Q. What are today’s most serious cybersecurity challenges? What’s are the worst-case scenarios?
The top ones in terms of vulnerability and cyber attacks right now are in the energy sector, the IT sector and the financial sectors. If you disrupt the work of Wall Street, for example, that could be a great disaster. You don’t have to take down Wall Street forever – even just a few weeks where you can’t have the international monetary system working would be devastating, not only to the U.S. economy, but to the global economy. We also face threats to our energy and the power grid and nuclear power plants. Effectively anything connected to the Internet is vulnerable, and nowadays everything is connected to the Internet. A worst-case scenario that hasn’t happened yet is the use of the Internet by terrorists. That’s a potential future scenario we hope we don’t ever see, but it’s one that is looked at seriously.
Q. How do you sleep at night thinking about all these threats?
Maybe I don’t sleep quite as soundly as I used to. But the people I truly believe have trouble sleeping are those government officials and company officials that have fiduciary responsibilities, people in charge of defending their countries. Because when something happens, and inevitably it will, people are going to look at them and say, how did you let this happen?
Q. What do we need to do so that these worst-case scenarios don’t transpire?
There’s a lot of technical work that needs to be done, meaning the science of computer security. Some debate if it’s truly a science, but whatever it is, it needs to advance. We need to build systems that are more secure, develop better anti-virus programs and better inform and education governments, companies and individuals. And we really need to reach understanding and agreements across borders, whether it’s cooperation on cybercriminal investigations or creating laws and regulations. Increasingly governments are coming up with their own national cybersecurity strategies, many more than when we first started this conference. These are nation state level issues that need nation state responsibility and solutions.
Q. You were a speaker last week at the RSA conference , where cryptographers EXPLORE advancements in Internet security. Did something interesting happen there?
One of the speakers, Chris Roberts, was not allowed to get on a United Airlines flight because he proved he could hack into the airlines’ computer system and make all the air masks drop at the same time. He was frustrated because his company had been trying to tell the airlines that their systems were vulnerable and that got ignored. It’s pretty scary if you can actually hack into an airline. So a lot of people now worry about the FAA and their systems. If someone could actually get in and compromise the communication among the air traffic controllers, that’s where you start imagining loss of life. We need the technical experts to build in redundancies in infrastructures so that if anyone makes that kind of attempt, they are not successful.