News | October 06, 2013

EastWest Direct: Bruce McConnell on Cyber Challenges

EWI’s Sarah Stern interviews Bruce McConnell, who recently joined the institute as Senior Vice President, responsible for managing its Cooperation in Cyberspace Program, which includes its Worldwide Cybersecurity Initiative.

Before moving to EWI, he provided programmatic and policy leadership to the cybersecurity mission at the U.S. Department of Homeland Security. He became Deputy Under Secretary for Cybersecurity in 2013.

What reflections do you have on your most recent role in the public sector?

I guess I’d say three things. First, I found it to be a great honor to serve in the historic first term of the Obama administration and to be able to advance the objectives of the Department of Homeland Security, which were to create a safe, secure and resilient place where the American ways of life could thrive. Just the honor of being able to be part of that team was very good. The second piece was that it was fascinating because we were working on cyberspace, and we will talk some more about why cyberspace and cybersecurity are such fascinating areas. And the third piece is that it’s very challenging. Homeland Security is a new, young agency. It’s only ten years old. It is still finding its way on how to operate and to set down its corporate culture and that kind of thing. So that was challenging, to operate in a very fluid environment.

Who did you work for?

I worked with Secretary Janet Napolitano and her team. 

And what was she like?

She’s a great manager and a great administrator with a real sense for people and what makes them tick.  She will do well as the head of the University of California system.

What were some of the greatest challenges?

When I left Homeland Security, I was the Deputy Under Secretary for Cybersecurity, and one of the biggest challenges is that responsibility for cybersecurity has not really been allocated. In every other domain of our life, we know who is responsible for security. For example, in terms of my personal belongings, I am responsible for locking the door of my apartment, and the police are responsible for dealing with street crime. That’s obviously a division of responsibilities between citizens and the government. 

It’s not clear who is responsible for protecting assets in cyberspace. Is it companies? Where does that responsibility stop? Where does government come in? We are not, as a society, comfortable yet with a very active role of government in cyberspace because it deals with people’s personal information and their speech. So that makes it difficult to make progress. And, even within government, the role certainly is not clear. What is the role of the Defense Department? What is the role of Homeland Security? Getting things done can be difficult when you are also trying to figure out who is responsible for getting it done. 

How did that position and your previous ones prepare you for your work at EWI? 

My work history is about half time in government and half time in the private sector. EWI brings governments and the private sector together. I think my depth of experience in both those parts of society will help me understand the strengths and weaknesses of each—where they can be the most helpful to our goal of creating a safer and better world.

I also had—both in the private sector side and the government side—a fair amount of international experience. I ran the International Y2K Cooperation Center, which had about 120 countries. I ran my own company, McConnell International, which had an international set of clients. 

As EWI’s 4th Cybersecurity Summit is fast approaching, what are some of the key objectives?

I think this summit is like many of the things that we do at EWI. We convene, reframe and mobilize. We are convening people from all over the world, and we want to get them together to talk. But we are not just a “talk tank.”

Equally important is the reframing of some of the key issues that we are discussing in cybersecurity through the breakthrough sessions that are scheduled, to actually roll up our sleeves and get resolution on some of these tough policy issues. 

And finally, to mobilize the people who are present and their connections to go forth from the conference with some achievable action plans. We are going to continue to do work in fighting spam, in securing global telecommunications, and, hopefully, start moving to reduce the amount of malicious hacking. Those are some of the key areas.

Why is its location in Silicon Valley so important?

It’s related to what I was speaking to earlier—the roles of government and the roles of private-sector responsibilities are not clear when it comes to cybersecurity. One of the reasons is that in cyberspace  government doesn’t have a monopoly on power. Netizens have cyber power. And, of course, large IT companies like Microsoft and Google have power in cyberspace. Silicon Valley is the seat of that private sector cyber power. It’s also the global center of IT innovation. That’s why it’s very exciting that we are having the summit there.

How will EWI help foster public-private partnerships to achieve a safer and better cyberspace around the globe?

At the summit we are convening, reframing and mobilizing the public and private sector. The other thing we are going to do at the Summit is begin to socialize the transformation of EWI’s cyber efforts. 

We have had a focus over the past five years primarily on cybersecurity, but it has now become obvious that you can’t solve the problem of security in cyberspace without solving two other problems. The question of who runs cyberspace—governance, and the question of equity in terms of insuring that everybody in the world can benefit from the economic growth that cyberspace and cyber technology is creating. 

There is thus a development aspect of it with regard to the global South vis-à-vis Western dominance of cyberspace. At the summit we will start socializing the idea, that in 2014, EWI will be expanding its coverage of issues in cyberspace to recognize that you can’t deal with security by itself, you have to deal with these other issues—institution building in the governance area and equity in terms of the overall development of the Internet.