Congressional staffers learn about cybersecurity at Stanford boot camp

Two dozen senior congressional staffers are attending Stanford's inaugural cybersecurity boot camp this week. From role-playing exercises to expert discussions, the workshop is designed to improve national efforts in computer security.

Maksim Kabakou / Shutterstock Cybersecurity illustration

Congressional staffers studying cybersecurity issues at a Stanford workshop are learning just how insecure the Internet can be.

Outsmarting cybercriminals and staying one step ahead of them is the subject of a Stanford cybersecurity workshop this week.

It is no easy challenge. That's what the participants at the Congressional Staff Cyber Boot Camp heard on the first day of a program that runs through Wednesday. The clear threat posed to America by cyberattacks is one of the biggest issues facing Washington policy makers.

The staffers heard a warning in stark and unambiguous language from Jane Holl Lute, a former deputy secretary of Homeland Security, the current president of the Council on CyberSecurity and a consulting professor at Stanford's Center for International Security and Cooperation.

"It's no longer possible to ignore this issue," said Lute, who most recently served as deputy secretary for the Department of Homeland Security, where she was responsible for the day-to-day management of the department's efforts to prevent terrorism and enhance security.

"Life online is fundamentally unsafe," she said, but most organizations can take steps to prevent 80 to 90 percent of cyber attacks.

She emphasized that the Internet is about "the power to connect, not to protect" and stressed the importance of practicing "cyber-hygiene" to reduce problems. This includes monitoring the hardware and software running on a network, limiting administrative permissions, and real time patching and monitoring of system vulnerabilities.

"We can do better today," she said. "We know a lot, but we're just not doing it."

Lute emphasized that today's world has an "existential reliance" on the Internet – more than 3 billion people in the world, including 80 percent of North Americans, have access to the Internet. All of this dependence comes against the reality that many companies and sites do not carry out basic hygiene to protect their networks.

"Nothing you do online is secure," she said.

Some fundamental questions need to be answered about Internet security, Lute said. For example, how do we design Internet systems with components that are prone to fail in the event of cyberattacks? And how are the integrity of the information and the identities of users protected – how do we define privacy nowadays? Finally, what role does government have in cybersecurity?

"It's a jump ball right now," said Lute, referring to the government's role.

Lute noted that no two countries are approaching Internet security the same way. Rather, every country has its own unique perspective. She also observed that trust in government is dwindling at the same time that Internet growth is exploding. This makes for a difficult consensus on the role of the public sector.

The workshop is cosponsored by Stanford's Center for International Security and Cooperation and the Hoover Institution.

"Cyber-challenges are big, important, and here to stay," said CISAC Co-Director Amy Zegart. She is also the Davies Family Senior Fellow at Hoover and co-convener of the boot camp along with Herbert Lin, chief scientist at the Computer Science and Telecommunications Board, National Research Council of the National Academies.

The U.S. Senate and House staffers attending boot camp come from both political parties and work on the U.S. Senate Select Committee on Intelligence and the Homeland Security, Appropriations, Judiciary, Energy and Commerce committees. The group also includes staffers working with House Minority Leader Nancy Pelosi,  D-Calif., U.S. Sen. John McCain, R-Ariz., and Ed Markey, D-Mass., among others.

One session of the boot camp involved a simulation exercise for congressional staffers, who played roles that would be characteristic of the executive branch in responding to a cybercrisis.

The idea behind the workshop is to give Capitol Hill staffers the knowledge and contacts that will help them better craft legislation and policies on cybersecurity.

Some of the two dozen experts addressing the boot camp are:

  • Google Executive Chairman Eric Schmidt
  • Stanford University President John Hennessy
  • Larry Kramer, president of The William and Flora Hewlett Foundation and former dean of the Stanford Law School
  • Joe Sullivan, chief of security at Facebook
  • Former Secretary of State Condoleezza Rice, professor at Stanford's Graduate School of Business and a senior fellow at Hoover and the Freeman Spogli Institute
  • Scott Charney, corporate vice president for Trustworthy Computing at Microsoft
  • UCLA Professor John Villasenor, a CISAC affiliate and Hoover national fellow
  • Carey Nachenberg, chief architect of Symantec's Security Technology and Response division
  • U.S. Air Force Col. Matteo Martemucci, a former Hoover national security fellow
  • Melody Hildebrant, global head of cybersecurity at Palantir
  • Jennifer Granick, director of civil liberties at the Stanford Center for Internet and Society at Stanford Law School
  • Raj Shah, senior director for cybersecurity at Palo Alto Networks, and a CISAC affiliate.