Experts Debate Cyber Deterrence, Internet Governance at Carnegie Colloquium

By Julianne Mattera


Technology and policy experts examined the complexities of cyber deterrence and internet governance in an increasingly digital world at the second session of the Carnegie Colloquium at Carnegie Mellon University Dec. 2.

David Brumley, director of CyLab, CMU's security and privacy institute, said conversations on cyber deterrence and internet governance are essential, and it would be "irresponsible to not have a voice" in how they evolve.

"We're talking about bringing together people from policy and people from technology, and these people often don't speak the same language," Brumley said. "At CMU, we try to break these boundaries."

The colloquium, which was co-hosted by Carnegie Mellon University and the Carnegie Endowment for International Peace, drew more than 140 participants. The event included a security and policy student poster session.

The keynote speaker was Malcolm Johnson, deputy secretary-general of the International Telecommunication Union (ITU) at the United Nations. ITU's work includes helping countries develop and implement cybersecurity strategies and build human capacity to utilize technology in pursuit of the UN's Sustainable Development Goals.

"We have to work with governments, with industry, with civil society, nongovernmental bodies as well as governmental bodies ... everyone has to work together," Johnson said. "One essential element will be the trust and security that people feel that they have when they use this technology."

"We're talking about bringing together people from policy and people from technology, and these people often don't speak the same language. "

One panel discussion focused on internet governance in the wake of the recent transfer of control of the internet domain name system from the U.S. Department of Commerce to the Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit international body of stakeholders, a change that Brumley has described as a milestone.

Fadi Chehadé, former CEO of ICANN, emphasized the importance of success.

"If ICANN fails to show its accountability, the whole project that we dedicated so much time to, in many ways, fails," said Chehadé, who is now chairman and CEO of Chehadé & Company and senior adviser to the executive chairman of the World Economic Forum. "So, this is not a 'hopefully they'll get it.' We all need to make sure they get it. Because if they fail, we fail."

Chehadé also called upon President-elect Donald Trump to create a new position of U.S. Digital Representative.

"Just like they have the U.S. Trade Representative, they need to create a U.S. Digital Representative who actually can imbue the administration with an understanding of how all of this changes our policies," Chehadé said.

Along with Chehadé, the panel on internet governance included Eileen Donahoe, distinguished fellow at the Center for International Governance Innovation, and Lawrence E. Strickling, assistant secretary for Communications and Information in the U.S. Department of Commerce.

Donahoe said the concept of internet governance has changed in the last few years.

While it used to be addressed mainly to the technical realm, Donahoe said, now it's about "governance on the internet—all the social, political, economic activity, and it encompasses all the rules about access to content, freedom of expression, how data is protected."

Soon, Donahoe said, "all dimensions of governance are going to have some digital or networked aspect."

But she said there are challenges inherent in the digital divide that's formed with roughly half of the people on the planet not connected online. "That in of itself is a big governance issue because of economic disparity," she said.

In another panel discussion, technology and policy experts examined cyber deterrence. Panelists included CEIP's nonresident fellow Ariel "Eli" Levite, retired U.S. Marine Corp Lt. Gen. Robert Schmidle, and Uber Advance Technology Center's Security Lead Chris Valasek.

"Undermining integrity, in my judgment, integrity of data, is the No. 1 challenge in front of us in the future," Levite said. "And the question is whether deterrents can actually play a role in preventing undermining the trust."

But Valasek said it's not always possible to determine where an issue originated.

"Deterrence infers repercussions. Repercussions implicitly states that you get caught. If you're really good at writing exploits and rootkits, you don't get caught," Valasek said. "If you're really good at writing exploits and hacking computers, no one knows you're there."

Related:

• First Carnegie Colloquium Focuses on Artificial Intelligence in Military, Data Privacy
• Carnegie Mellon Wins Third "World Series of Hacking" in Four Years
• CMU Spinoff Wins $2 Million in Cyber Attack Challenge
• CMU’s Software Engineering Institute Contract Renewed by Department of Defense for $1.73 Billion
• CERT Guide to Insider Threats Named to Cybersecurity Canon