We began his visit with a nice lunch at the University Club and we talked for 2 hours!
Dr. House has had an incredible career, having earned his PhD at the Fletcher School of Diplomacy at Tufts University. He became the Chief Cybersecurity Risk Officer for the State of Connecticut in October 2016, after four years as Chairman of Connecticut's Public Utilities Regulatory Authority (PURA). He recently returned from speaking in Latvia (and we compared notes, given my recent visit to Kyiv, Ukraine). His work includes cybersecurity strategy and action plans in the Black Sea and Balkan regions.
He
has worked in national security, and served as Director of
Communications in the Office of the Director of National Intelligence
and the National Geospatial-Intelligence Agency. As a White House
Fellow, he was Special Projects Officer at the National Security
Council. Tom O'Brien was also a White House Fellow. House spent 10 years
in the Congo, and shared some of those fascinating experiences with us
at lunch. He also worked for the World Bank and was a Congressional
Adviser to the United States Mission to the United Nations.
In the United States Senate,
Dr. House was Chief of Staff to Senate Majority Leader Robert Byrd and
Senator Abraham Ribicoff and Legislative Assistant to Senator Chris
Dodd. Amazingly, as can be seen from various writeups on his career,
specific assignments included the Camp David Peace Agreement, the
Strategic Arms Limitation Treaty and the Tokyo Round Trade Negotiations.
The stories he shared with us at lunch even included the SALT
negotiations at which he was present in Russia, with Brezhnev in
attendance. It is not every day that you get to have lunch with someone
who has taken part in major historical events in the US! And can he do
imitations of famous people; honestly, SNL should just hire him. His
ability to reproduce accents is simply incredible and hilarious.
Since
there were no classrooms available for this guest lecture at Isenberg,
since it was prime class time, his talk took place at the Computer
Science building. It was good to walk after the leisurely lunch (and we
did share desserts).
Dr.
Mila Sherman introduced our speaker and then he began his mesmerizing
lecture, which had the audience at the edge of their seats throughout.
He began his lecture by sharing some personal details and then asked the question: "Are we safe" and answered: "Of course, not!" We can't assume that a business or organization is safe from cyberattacks since even the Pentagon has been compromised.
He made the following points, which he then elaborated upon:
1. We are dependent on the digital world (computers and Internet) and, hence, vulnerable;
2. We need to protect ourselves;
3. We need to anticipate strategic surprises, and
4. States must play a critical role in cyber defense.
He emphasized that the advantages of cyber are immense from air traffic control to critical infrastructure but so are the vulnerabilities. The Internet was not designed with security in mind since it was supported by DARPA and was initially for academics who trusted one another. He envisions 3 Internets eventually, with Bakanization, and you can probably guess who would be behind the other two.
He spoke about who is behind the threats and the monetary aspects of selling the hacked products (which I have actually published a paper on in the INFORMS journal Service Science). Even health records are commodities that can be sold. He talked about phishing attacks as well as ransomware with the latter sometimes targeting smaller enterprises from hospitals to municipalities, etc. for payments in bitcoins.
Sadly, he stated that the "US is losing its edge" in cyber defense and also spoke about cyberwar and asymmetries.
He spoke about certain nation states targeting our elections and critical infrastructure and the details that he had were quite frightening. And, he even showed a slide of Kyiv at night after the cyberattack in 2015 on its power grid.
He emphasized that we need norms and rules and he suggested a great idea - for businesses and organizations to have a cyber rating similar to a credit score, and this would be audited regularly, since one's brand reputation as well as stock value can be seriously negatively affected after a cyberattack.
"Cyber is the perfect weapon" he said and "We need to defend ourselves." We can't get the feds to do this, so states must, and Connecticut is leading the way!
He also noted the need to create a positive cybersecurity culture; to plan, and to be ready for the unexpected. Sad to say, he also sees "massive complacency."
After his talk, Art House stayed to meet and continue the discussions with the audience. I was so delighted that even some of my undergrads, in addition to my PhD students, came. This was an incredible talk and educational experience!
Posts
