With an outstanding increase in nation-state cyber attacks worldwide, Michael Chertoff, former U.S. Secretary of Homeland Security, noted that it is "critical" to treat investments in the cybersecurity realm as one would treat investments in seperate departments.

Nation-state attacks on corporations in the private-sector have become a recent trend, however, an increasingly dangerous trend at that. Bruce McConnell, Global Vice President EWI, says that "even assuming the most benign motivations by all the parties in these various incidences, ungoverned state-on-state skirmishes in cyberspace increasingly undermine terrestrial security and stability." 

Click here to read the full story on Bloomberg BNA.

Other witnesses included Gen. Keith B. Alexander (Ret. USA), President and Chief Executive Officer, IronNet Cybersecurity; Michael Daniel, President, Cyber Threat Alliance; and Frank J. Cilluffo, Director, Center for Cyber and Homeland Security, George Washington University. The hearing sought to provide a comprehensive assessment of the current cyber threat environment, helping to guide the Committee’s legislative and oversight efforts to defend U.S. domestic networks.

Click here to watch the hearing in full. 

Click here to read McConnell's written statement. 

Click here to read "A Civil Perspective on Cybersecurity," an op-ed by McConnell and Jane Holl Lute. 

Click here to review the U.S. Federal Cybersecurity Operations Team national roles and responsibilites. 

Below is McConnell's oral statement at the hearing.

Good morning Chairman McCaul, Ranking Member Thompson, and Distinguished Members of the Committee. Thank you for inviting me. 

I am Bruce McConnell from the EastWest Institute, an independent, non-partisan, non-profit that works with all major governments and the private sector to reduce security conflicts. Before EastWest, I served four years at DHS, departing in 2013 as the Acting Deputy Under Secretary for Cybersecurity. I also served at the O.M.B. under Presidents Reagan, George H. W. Bush, and Clinton.

Let me tell you what keeps me awake at night . . . what got me out of bed this morning to come see you. Last week I hosted a meeting near my home in Oakland, California. Two hundred government officials, industry geeks, professors, and activists from 35 countries spent three days developing answers to Apple vs. FBI, how to make smart cities into safe cities, improving capacity in cyber insurance, and, most important, developing rules of behavior for governments and companies in cyberspace. 

Have you ever seen your children and grandchildren swipe away the twenty-five smart phone apps they have open? Each of these apps enlivens some aspect of their lives, of our lives. We are grateful for this technology, and we depend on it. What is worrisome is that every one of those apps is an open door to well-funded, persistent state-sponsored attackers to intrude into our business or deny us the benefits of cyberspace. When I think about this for myself, it makes me mad. However, when I multiply that by the two billion people and millions of companies that are on the network today, and the billions of young people who are coming on in the years ahead, I foresee a global economic and political catastrophe unless we get those attackers under control. 

Today’s situation reminds me of the Gold Rush out in California 160 years ago. Some people made a lot of money, and it developed one of the great states in our Union. It also took us 30 years to establish law and order out there. Mr. Chairman, we don’t have 30 years to establish law and order in cyberspace. Military and intelligence agencies all over the world are equipped with the latest computers, communications, and cyber weaponry. These are good weapons. They are cost-effective, generally non-lethal, and they let us project force remotely and, often, stealthily. But there are two problems.

First, there is a runaway cyber arms race, led by the United States, Russia, China, Iran, Israel, some European countries, and North Korea. Over 30 countries have formed cyber offense units. There is no deterrence, no incentive not to do so. There is also an “information war” going on between East and West. It involves cyber burglary and publication of stolen information, like during the U.S. elections. This is part of a larger, damaging, degradation of the information space by the dissemination of fake news, political trolling, social media bots, and the weaponization of intelligence.  

We know the Russians and their surrogates are not the only attackers. There is always China. And, earlier this month, we learned about Western actions against North Korean missile systems and a variety of CIA practices. Even with the best motivations, these continuing, ungoverned state-on-state skirmishes in cyberspace undermine terrestrial security and stability. There is a growing risk of miscalculation and escalation that could spill over into direct physical harm to the United States and its citizens. And, if the credibility of cyberspace is further degraded, it will be useless as a medium for commerce and governance. People are already leaving e-commerce because they are afraid they will be victimized. 

So, what should the U.S. government do to respond? Fortunately, we have the answer to that question. In brief, we need cyber deterrence, governed by rules, and, we need cyber defense, governed by roles. 

Over the past two Administrations, the Executive branch worked on a bipartisan basis with this Committee and the rest of Congress, to establish clear roles for cyberspace security. The resulting laws and directives cemented the primary role of the Department of Homeland Security in protecting the Nation’s critical cyber infrastructure. In doing so, they also reflect two important values:

First, cyberspace is fundamentally a civilian space. The military, and NSA in particular, must protect our most valuable military and intelligence assets. But the military should keep out of our civilian infrastructure. It’s a long national tradition, and they have their hands full already. 

Second, securing cyberspace is a team effort. Agencies must work with each other and with the private sector in a seamless manner. 

In sum, the U.S. government needs to buckle down, work with the private sector and with other governments, and get it done. And it would be really great if you, on behalf of our kids and all the kids, could hold the federal agencies accountable for what you have already told them to do. 

Thank you, and I look forward to your questions. 

On Day III, Bruce McConnell, Global Vice President of the EastWest Institute, kicked off with comments to contextualize many of the ongoing discussions taking place among participants. McConnell took stock of the view that cyber continues to be a new frontier, an exciting place that represents the edge of the future—our collective future. Importantly, heightened connectivity brings the entire world closer and with it, the challenge of forging a path forward for cybersecurity that requires new rules both in policy and practice. He concluded by expressing his appreciation for everyone’s engagement at the Summit, underlining its role in moving the needle forward with allowing time to discuss the problems versus time expended on driving solutions.      

PLENARY PANEL III: INSIGHTS FROM YOUNG LEADERS

The Young Leaders panel provided a platform for five ambitious young professionals and academics who represent the new wave of thinking among tomorrow’s cybersecurity practitioners. Each of the panelists expressed a viewpoint on how cybersecurity is evolving and the key challenges ahead. These included: the need for structures to enhance dialogue between public and private sectors; using such dialogues to bring forth a level of governance across various sectors and countries (inclusive policymaking that goes beyond a security-only perspective); understanding why so many countries seek to develop an offensive cyber capability; providing clarity where certain cyber experts and firms confuse the landscape as to what is a an actual cyber threat; and the need for regimes in the future post-cyber world that will be underlined by AI, biohacking and similar advancements.  

PLENARY PANEL IV: REPORT FROM BREAKTHROUGH GROUPS

Breakthrough group representatives reported on results from workshop sessions, focusing on proposed next steps. The representatives were questioned by a distinguished international panel that posed questions and added insights. The panel was comprised of Latha Reddy, Distinguished Fellow, EastWest Institute; Former Deputy National Security Advisor of India; Co-Chair, Global Commission on the Stability of Cyberspace Speakers; Shen Yi, Associate Professor, Research Center for the Governance of Global Cyberspace, Fudan University; and Eli Sugarman, Program Officer, Cyber Initiative, William and Flora Hewlett Foundation.

Each of the representatives reported on the range of valuable insights offered by participants and the robust dialogue that took place, often reflecting contrasting points of view based on experience, strategic outlook and cultural diversity. Emphasis was placed on the next programmatic steps that each group will take to maintain momentum, and ensure continued progress. The breakthrough group report slides may be found here.

KEYNOTE ADDRESS: THE FUTURE OF SECURITY INDUSTRY COOPERATION

René Bonvanie, Chief Marketing Officer and Executive Vice President, Palo Alto Networks, delivered the keynote address, The Leap Forward. He first focused on the aspect of trust—both in innovation and productivity, examining how both aspects of innovation have evolved over time, where recent history has shown many innovations start off as constructive tools, only to morph into negative applications. Think drones.

Bonvanie went on to explain that unbridled innovation may have a distinct dark side, where the lack of rules of engagement fosters bad behavior. Moving forward he argued we will need to evolve our technology ecosystem into Sharing 2.0, consisting of information and data exchange as regards devices, sensors and probes, algorithms and policies, and machine learning—all for the greater good.

PLENARY PANEL V: TECH+PEOPLE: SECURING THE FUTURE CONNECTION

Betsy Cooper, Executive Director, Center for Long-term Cybersecurity at Berkeley led a panel featuring experts representing the commercial technology sector. The panelists—Ray Dolan, President and CEO, Sonus Networks; Sami Nassar, Vice President, Cyber Security Solutions, NXP Semiconductors; and Andy Purdy, Chief Security Officer, Huawei Technologies USA—dove into a range of topics, including big data; 5G and the coming demands of interoperability to move seamlessly from one platform to another; the commoditization of connectivity technology, where security is increasingly becoming a cost center; and the aspect of authentication, developing a “passport” where possible security threats are stopped at the border of the network rather than the current means of trying to catch the culprit after entry.

The panelists concluded by sharing their viewpoints about attracting, training and retaining talent. The talent pipeline represents a tremendous challenge for the tech industry, which is responding with the introduction of internal universities, sophisticated, multiple-year training programs and related initiatives to build and retain top talent.

KEYNOTE CONVERSATION: TRUST IN CYBERSPACE: MYTH OR REALITY

Francis Fukuyama, Mosbacher Director, Center on Democracy, Development, and the Rule of Law, at Stanford University, was featured in a discussion on trust in cybersecurity. He commented on the role of the Internet and social media which at its onset, was seen as having a positive impact on democracy. Fukuyama explained that the perception was the net got rid of gatekeepers while mobilizing activism. Today, that perception has been turned on its head, as those gatekeepers are missing and only now audiences begin to realize their value—to mediate and curate news and help provide a balance in presentation—offsetting the new reality of fake news, or as he called it, “today’s wild west of information sharing.”

The new information landscape has also brought about a new phenomenon, whereas bandwidth has increased, political compartmentalization has risen in step—meaning likeminded people gather and share their opinions, which without the benefit of diverse opinion, can regress into more extreme positions. He concluded that in today’s era of polarization, trust and verification are required to ensure that good information will push out bad information.

Looking Forward

This concludes the final day of the Summit, but not the conclusion of the important work being undertaken by the EastWest Institute, its sponsors and participants. EWI thanks each of its event sponsors and all 218 participant experts who took the time to engage with their peers to address critical areas of cybersecurity.

Click here for Day II

Click here for Day I

Bruce McConnell, global vice president of the EastWest Institute, and Betsy Cooper, executive director of the Center for Long-term Cybersecurity at UC Berkeley, opened the second day of the EastWest Institute’s Global Cyberspace Cooperation Summit VII.

1st Keynote Address

Ms. Getao provided a unique viewpoint from the Global South where there remains a distinct divide as to how developing nations fit in the context of the cybersecurity dialogue. Is the south the weakest link in the cyber global chain? What are the expectations of both sides to the other?

She sees a trust gap in three areas: supply chain integrity; “political engineering,” or the use of social media to influence the citizen mindset; and the use of developing nations as proxies in cyber attacks. Ms. Getao closed by recommending that all nations, regardless of geographic position or economic status, reduce adversarial positions and drive trust to help solve one another’s problems…and offered to host the next EWI Cyber Summit in Africa.

2nd Keynote Address

Peter Altabef delivered the second keynote focusing on Smart Cities. He pointed out that demographic and technology trends are creating rapid urbanization, and the opportunity to reinvent how cities approach public services, finding the right mix between information and communications technology, urban planning and public-private partnerships.

He emphasized that the next step in this evolution is to move from “smart” to “smart and safe” cities, ensuring steps are taken to keep digital assets and communities safe. This requires a balance between four factors: Cybersecurity, Personal Safety, Health, and Infrastructure Security. Critical to this, Mr. Altabef explained, is the consistent collaboration between enterprises, institutions and governments.

Directly following were two plenary panels.

PLENARY PANEL I: THE STATE OF CYBER COOPERATION

While governments, companies and civil society depend on a safe and reliable cyber environment, no one actor can ensure its security. A distinguished panel of seven experts provided perspectives from Cambodia, Estonia, Germany, the Netherlands, Russia and the U.S., along with the private sector insights of Microsoft. All participants agreed that, more than ever, there is a need for multi-party industry cooperation toward the creation of new norms of governance and policies. There was a consensus among the speakers that cyber dialogues need to be part of global diplomacy between nations. In this respect, the evolving UN GGE initiatives continue to have merit and should be deepened and adopted universally.

From the private sector perspective, enterprises (and their ICT platforms) have become first responders in times of cyber conflict. As such, the need exists to bridge between engineers in enterprise and government, moving beyond tech discussions to include broader public policy dialogue.

The comment was made that the growth of ICT and connectivity represents a “once in a generation shift in opportunity and power”—consequently driving a certain level of insecurity in some quarters. This reality should spur more private/public cyber collaboration.

PLENARY PANEL II: GLOBAL COMMISSION ON THE STABILITY OF CYBERSPACE (GCSC)

Marina Kaljurand, chair of the GCSC, and five Commissioners took the stage to convey to audiences the mission and vision of this first of its kind body—formed to develop proposals for norms and policies to enhance international cybersecurity and stability. Importantly, Kaljurand made clear that the GCSC will serve as a complementary body to other existing global initiatives.

The panel fielded a series of questions, touching upon key areas such as critical infrastructure and costs. The panel noted that an agreed definition of critical infrastructure still does not exist, posing a significant roadblock. Developing a universally accepted norm in this area is a likely objective of the GCSC.

Concerning costs, panelists discussed expenses associated with cybersecurity and the financial investment involved. Overwhelmingly, there exists a fundamental divide—three nations are responsible for much of cyber aggression globally, while the majority of tech organizations are spending an enormous amount of time and funds to defend themselves against these attacks. 

Breakthrough Group Sessions

The afternoon saw a continuation of breakthrough group sessions, building on Tuesday’s lineup. These included: Ubiquitous Encryption and Lawful Government Access, Secure ICT Products and Services, Promoting Norms of Responsible Behavior in Cyberspace, Resilient Cities and the Internet of Things, Systemic Risk and Cyber Insurance. A special interest session covered a topic with tremendous relevance to recent events—Election Systems Security.

Reports on each of the breakthrough group will be made available on the final day of the Summit.

Looking Forward

Please check back for an update on activities concerning the remainder of the Summit.

For more information about the Summit, click here.
To view the Day III plenaries via livestream, click here.
Follow us on Twitter at @EWInstitute for live updates! Use the hashtag #EWIcyber to join in the conversation.

Click here for Day I

Click here for Day III

March 15, 09:00 PT

March 15, 11:40 PT

March 16, 09:00 PT

March 16, 11:00 PT

Citing an increase in cyber attacks worldwide, a global commission formed in Germany last month to promote more dialogue, research and initiatives to make cyberspace more secure.

The Global Commission on the Stability of Cyberspace (GCSC) was launched at the Munich Security Conference by the Netherlands, the Hague Centre for Strategic Studies, and the EastWest Institute. It will be based at the Hague and funded by the Dutch government, Microsoft, the Virginia-based Internet Society and other sponsors.

Click here to read the full story on ThirdCertainty.

Day I featured Breakthrough Working Group sessions on the following topics:

Ubiquitous Encryption and Lawful Government Access

The national debate on encryption has produced a fault line between law enforcement and industry—and balancing security versus privacy. Recognizing that no single solution will suffice, over the course of two sessions, discussants examined specific challenges and scenarios relevant to government access to encrypted data and possible solutions to overcome obstacles faced by agencies tasked to protect national security and public safety. Perspectives were drawn from global participants comparing emerging national policies between the United States and India and European nations. Everywhere, there are challenges with policy development and actual implementation. Insights were provided by commercial, government representatives, law enforcement (FBI and Europol) and information security (ENISA). A key point of concern is the lack of capacity on the part of smaller entities to deal with the growing availability of encryption.      

Resilient Cities and Internet of Things     

The Internet of Things (IoT) holds amazing opportunities to interact with and leverage technology, but the ever expanding connectivity creates an unprecedented set of security threats, vulnerabilities and consequences. In particular, cities are increasingly dependent on cyber for driving sustainable solutions. Over the course of four sessions, over 30 experts explored building city capabilities for cyber resilience, and approaches to ensure the security of critical infrastructure like power grids. Debate surrounded the risks and liabilities of new connectivity technologies; concerns over privacy; along with a critical question—how much input from the general public is required to deploy IoT?

Increasing the Global Availability and Secure Use of ICT Products and Services

This breakthrough group looked at cybersecurity and privacy risks that are inherent in information ICT products and services. The EWI ICT Buyers Guide was used a reference point, providing underlying principles to launch the discussion. Participants examined the steps required for establishing objective standards, best practices and risk management techniques to aid purchasers in making informed decisions. Emphasis was placed on determining means of strategic collaboration to further enhance ICT security and supply chain risk; the role of trade agreements as having value in making ICT products more secure; and consideration for how binding trade agreements set the “rules of the road”—complementing non-binding cybersecurity norms as espoused in international fora.

Systemic Risk and Cyber Insurance

Can we define systemic cyber risk? Can it be measured or even managed? This workshop examined the cascading effects of possible systemic failures and the cross-sector impact on industries around the globe. Participants examined a conceptual framework that would encourage the business community and insurance industry to work together to share more robust Internet data in an effort to better mitigate and improve cybersecurity risk management. The workshop closed with a discussion on how U.S. policy effects systemic risk, analyzing the impacts on the passing of the Terrorism Risk Insurance Act (TRIA) on the insurance community.  

Promoting Norms of Responsible Behavior in Cyberspace     

Global security and prosperity depend on a secure and stable cyberspace. This reality demands an international forum that can effectively deepen consensus of cyber norms. In this context, participants were introduced to the Global Commission on the Stability of Cyberspace (GCSC), a joint initiative between the government of the Netherlands, the EastWest Institute and The Hague Centre for Strategic Studies. Launched in February, the GCSC will serve as a multistakeholder-oriented institution to generate, evaluate and recommend various cyberspace state and non-state norms of behavior and propose policy initiatives. Well received by participants, a spirited discussion ensued, seeking elaboration on the aspects of “hard” versus “soft” norms; “norm collision” versus “norm coherence” and the importance of a bottom-up approach to ensure impact.

Reports on each of the breakthrough group will be made available on the final day of the Summit.

Looking Forward

Day II of the Summit will feature plenaries on the State of Cyber Cooperation, including a keynote presentation by Peter Altabef, President and CEO of Unisys and Katherine Getao, ICT Secretary, Ministry of Information, Communications and Technology of Kenya.  

Please check back for an update on activities concerning the remainder of the Summit.

For more information about the Summit, click here.

To view the Day II plenaries via livestream, click here.

Follow us on Twitter at @EWInstitute for live updates! Use the hashtag #EWIcyber to join in the conversation.

Click here for Day II

Click here for Day III

According to UN Refugee Agency (UNHCR) data released last year, there are 65.3 million forcibly displaced people around the world: 21.3 million are refugees, over half of whom are under the age of 18. The UNHCR also reported that the number of displaced people is at its highest level ever, surpassing even post-World War II numbers. In fact, one out of every 113 people on Earth is currently displaced.

As is well documented, the countries of the Middle East are on the front lines of this situation, with Turkey, the nation where East meets West, playing point. Last month, the Turkish government released new refugee data indicating it now hosts the largest refugee population in the world; this influx of more than 3.5 million refugees—predominantly fueled by millions of Syrians who fled north to escape their country’s protracted civil war, as well as those from Iraq, Afghanistan and Africa—places the scale of Turkey’s refugee situation well ahead of Pakistan, Lebanon, Iran, Ethiopia and Jordan. Reportedly, not one of Turkey’s 81 provinces is without a refugee community.

However, Turkey’s status as home to the world’s largest refugee population is an impressive undertaking—an undertaking seemingly lost on many audiences.

In contrast, while much is made of Europe’s attitudes toward and challenges with refugees, the European Union’s migration policy remains in seeming disarray.

With literally nowhere else to go, the refugee situation in Turkey has become seemingly permanent. Turkey’s overall population of 80 million has seen a rise by almost 5 percent due to mass migration, while annual growth of its local population is approximately 1.3 percent. To deal effectively with its growing population, Turkey will require an integration strategy that takes into consideration the needs and resources of host communities, strain on public resources and broader educational and employment training efforts.According to Amnesty International, 27 European Union countries, with the exclusion Germany, have pledged 51,205 places for resettlement; however, these pledged resettlements would only take in around 1 percent of the Syrian refugee population represented in the main host countries.

The Turkish government has already begun to make inroads on such a strategy. Recognized as “guests,” millions of refugees now have the right to attend school and hold jobs. This move was praised by the ILO, United Nations High Commissioner for Refugees and Refugees’ International. In 2015, Turkey managed to enroll 215,000 Syrian children into primary and secondary education, a significant improvement from the previous year (although it only comprises a small number of the more than 700,000 school-aged Syrian children living in Turkey).

These are all steps in the right direction, but given the scale of the situation, much progress remains. With the benefit of a comprehensive, properly managed and well-suited migration policy, though, refugees could have the potential to make positive contributions to the diverse social and economic life in Turkey in the not so distant future.

Mainstream media tends to paint a somber picture of the current refugee situation, but it’s important to remember how remarkable the Turkish government and people have been in handling this humanitarian crisis.

Having recently visited the Midyat Refugee Camp, the author witnessed firsthand the scale of the tremendous humanitarian efforts taking place. Of course, there is always more work to be done. There are 26 government-run camps across Turkey in addition to the millions of Turkish families who have taken in their neighbors. Those who work to support the camps consider the refugees as both guests and individuals who may very well remain in Turkey as brothers and sisters. This sentiment is not unprecedented in the country’s recent history, as Turkey absorbed migrants from Bulgaria in 1989 and Bosnia in the early 1990s.

Despite the generous efforts of the government, local authorities and host communities, of the nearly 2.8 million registered Syrian refugees in Turkey, only 10 percent are settled in the 26 camps run by the Disaster and Emergency Management Presidency of Turkey (AFAD), where they have access to food, shelter, healthcare, education and social activities. 90 percent of Syrian refugees, as well as many refugees from other nations, still live outside these camps under challenging circumstances and with scarce resources. For these refugees, access to basic facilities is often limited for reasons such as requirements for registration with local authorities or language constraints.

Turkey’s status as home to the world’s largest refugee population also runs up significantly high costs. Official government estimates indicate that Turkey has spent 25 billion USD for Syrian refugees alone.

Of course, the best-case scenario is for all the refugees to return to their homes. Many of those from Iraq or Afghanistan have done so, but it’s not the case for Syrians and it may not be so for the foreseeable future until they can return to a secure environment. In the meantime, countries like Turkey will likely continue to bear the brunt of this international challenge.

The democratic values of the American people will prevail over attempts at reversing the core principles of that country, a senior Pakistani defense and international trade expert said, taking stock of the multilateral issues concerning the current world order from the lens of both the economic as well as the judicial. 

Ikram Sehgal elaborated that Islamic countries could depend on the goodwill of the people of the United States as well its judicial system to ensure that racial discrimination is not institutionalized. 

Read the full interview here.