April 3, 2018
“Sorry, I don’t do softballs.” That was the invigorating and hard-hitting statement from moderator Dr. Betsy Cooper, a top cybersecurity researcher at UC Berkeley, that kicked off last week’s LEWIS-sponsored media panel entitled “Cybersecurity & Trust: A Media Perspective.”
Luckily, our panel of leading journalists, including Hannah Kuchler (Financial Times), Joseph Menn (Reuters), Laura Hautala (CNET) and Sarah Kuranda (The Information), were batting a thousand, covering everything from the constant evolution of cybersecurity, the ever-growing threat landscape and the biggest challenges covering this dynamic and often dramatic industry.
But first, let’s talk Russia.
As a national cybersecurity threat, most of our panel agreed that the world’s largest country remains public enemy number one. “Russia continues to be a sophisticated, impressive adversary and will continue to do more because they aren’t facing any punishment for it,” Menn said, commenting on the Trump administration’s resolutely lax approach to cybersecurity. Even with a new cybersecurity taskforce established by Jeff Sessions, critics remain underwhelmed, noting that it covers too broad a range of topics to truly have any impact.
What has had tremendous impact recently and continues to ricochet throughout the cybersecurity world is the Facebook/Cambridge Analytics data scandal, which our panelists couldn’t wait to sink their teeth into. Even though this wasn’t a conventional hack or breach, the security and privacy ramifications stemming from Cambridge’s use and manipulation of Facebook users’ personal data to influence everything from Brexit to the 2016 U.S. presidential election is profound, and Facebook’s liability cannot be understated. As Kuchler put it, “why, in 2015, when Facebook found out about this did they not do more…why does Facebook think it can police itself?”
This discussion naturally segued into GDPR (General Data Protection Regulation), an impending law set to go into effect in May that will make any company in the world that does business with even a single European customer liable to EU privacy laws. In fact, the panelists noted that the Facebook/Cambridge scandal is an amazing poster child for GDPR. This in turn brought up the question of whether regulator discussion in the U.S. will take place because of GDPR. The Honest Ads Act is a bill floating around Congress meant to promote regulation of online companies like Facebook, but it only addresses a portion of this much larger problem and would barely scratch the surface of regulating a Facebook or Google in efforts to prevent another similar scandal.
Speaking of regulation or lack thereof, the Internet of Things presents quite the threat landscape when you consider the deep interconnectivity of IoT devices. And yet, regulation and security are mostly an afterthought in this sector. The idea of liability around security is starting to be broached, but the panel vehemently agreed that until something catastrophic occurs, there won’t be any sort of demand for regulation, and legislation will be frustratingly circumvented. After all, the government has interest in using IoT to their benefit, and the industry of cybersecurity very much follows the credo, “show me the money.”
If you haven’t been scared off by all the cynicism and the ever-increasing threat landscape around cybersecurity, you’re probably thinking if there’s any sort of hope or silver lining on the horizon. Truthfully, it’s hard to make cybersecurity sparkle. “It’s a tough industry – there’s not a lot of good news in cybersecurity,” Kuranda noted. However, our panel wasn’t all doom and gloom. Optimism reared its pretty head, particularly when it came to the topics of diversity and the role of nonprofits in cybersecurity.
Cybersecurity has always been a man’s world, but the future is looking increasingly female. For starters, women dominated our panel, a welcome breath of fresh air in the cybersecurity realm. Laura Hautala proudly pointed out the increased effort to bring young women into this field, with programs springing up dedicated to training and educating women. However, Hautala pressed that what comes next remains equally important: “What keeps these women that have this training in the industry into positions of leadership?”
Nonprofits are leading the charge and playing a bigger role in cybersecurity, doing the regulatory and innovative work that big corporations and the government are neglecting. The Hewlett Foundation, in particular, is a huge pioneer in funding around cyber solutions. They award grants for those proactively defining, researching and managing the intersections between people and digital technologies while working to create thoughtful, multidisciplinary solutions to today’s complex cyber challenges.
As for what our panelists thought could be the next dominating headline in the cybersecurity world, many took a teasing approach to our president’s obsession with a little blue birdie. If you’re a gambler, a smart bet is putting money on a DDOS taking down Twitter, causing POTUS to openly weep. At least for one brief moment, it was fun to pretend it’s not always bad news in cybersecurity. Nevertheless, the industry persists.
For more information on cybersecurity and relevant industries, visit our magazine.