Hi everyone. I don’t look very much like Steve Weber, but he sends his regards that he wasn’t able to make it today, and I’m still thrilled to be here. In his stead, I’d like to tell you a little bit about our organization, The Center for Long-Term Cybersecurity, and then we’ll transition into a great panel which will give some more thoughts about the Internet. But first, The Center for Long-Term Cybersecurity.
So, why long-term? We’re not trying to double down on today’s issues. That’s not where we think the basic science research we can make the greatest difference at the margins. Instead, what we’re trying to do is to see over the horizons, looking at essentially a five-year time frame, and identify what will be the cybersecurity landscape in that context, and hopefully begin in 2016 pointing in our policy and research agenda to try to solve some of those problems. The hope is to get out ahead of some of the issues and develop solutions, or at least partial solutions, or at least better understandings of the problems before they become crises.
So, we have three essential prongs of activity. First, research. We recently announced one million dollars or just less than that in basic research funding to twenty-three projects across Berkeley. And those projects include some of the more traditional issues of cybersecurity, like social manipulation. But they also include some more innovative ideas. Bio-sensing, or artificial intelligence.
Second, education. We think that education is at the core of our mission, and so we’re trying to improve the cybersecurity pipeline, as I know we were talking about in the earlier panels. And so stay tuned for more announcements on exactly what that will look like in the weeks to come.
And finally and perhaps most relevantly here in DC we’re interested in real-world relevance. We don’t want to just be a group that’s sitting up on the ivory tower, but we want to engage with policymakers, with government, with educational institutes, nonprofits, and of course companies. And it’s in that vein we’re beginning some specialized work on scenarios for the future of cybersecurity.
So, scenario planning is a proven methodology for thinking about how the future might unfold, and developing research and policy questions in the face of uncertainty. So, what we’re doing here are predictions, but they’re ways of thinking about the future. You prepare for the big issues, and even if they don’t manifest in precisely the same way that you thought they would, if you’ve done a good job you’ve essentially rehearsed the future and you’ll be better prepared for things that do happen.
So let me give you an example. If anyone can pronounce this I’d be very grateful, but if you remember there was this volcano that erupted in Iceland in 2010, and thousands and thousands of flights were delayed. Nobody foresaw that eruption, and no one had a plan in place to deal with it. But there was one express package delivery company that had done scenarios, not on volcanoes but on avian flu a few years earlier. And in the course of doing that they explored the consequences of air travel shutting down for a few weeks. When air travel did shut down, the company recognized the problem based on their avian flu scenarios and they were able to get ahead of it. And that’s precisely our objective with regards to cybersecurity future.
So, speaking of the future, what about the Internet of Things? The Internet of Things means not just computing things, but everyday things. Sensors, actuators. It means that my refrigerator will order replacement milk for me before I run out, and that your watch will not just track your heart rate and steps, but your overall health. Five years from now it may be that the only exceptional things are not connected. To be normal is to be connected.
Once IoT is everywhere, the nature of cybersecurity will change, too. Cybersecurity today, in most people’s minds, is about attacking and defending networks and data sets. Confidentiality, integrity, and availability. In the near future, it will still mean that, but it will mean a lot more. In an IoT world, the cybersecurity agenda will be about the data sets these connected things generate. It will be about the actions that system take on the basis of those data sets. It will be about the algorithms that intervene between data and action.
But it will also be about the impact of automation and robotics on jobs. It will be about—not opposed to but about—privacy, safety, security, and the issues between the three. The big point: cybersecurity is about what people value at the intersection of human beings and machines.
In one of our organization’s five scenarios, we’ve explored how this might play out in an IoT world. And our scenarios focus on the year 2020, so that’s the goal here. So, the conventional wisdom is that by 2020 IoT will be everywhere, but driven by private industry. Nest, Samsung, BMWs, etc. The vision of the connected home and connected car. In our scenario, we see the same outcome but a different cause. IoT is instead, and perhaps surprisingly, driven by government getting back into the business of doing things.
Now, I live in Northern California, and you may have heard we have a big drought going on. What if Jerry Brown decides his ultimate legacy as Governor in the state is to create an Internet of Water? A fully sensorized equivalent of a very smart grid, but for water not for electricity. What if it works to reduce the usage of water in the state by 40%? (A reasonable conjecture.) Without any compromises of note in lifestyle, we can get to water our gardens and take showers again. In our scenario, governments like the State of California lead the way to the adoption of smart IoT.
Will South Korea by 2018 be the first country to get universal smart roads connecting cars to roads and capturing an increasing amount of the driverless car industry as a result? Will the brand new Zuckerberg Foundation lead the way in 2019 in funding IoT in developing markets to better ensure service delivery? Will healthcare companies start giving discounts to users who voluntarily ear Fitbit 3.0 devices, tracking health outcomes. I don’t know the answer, but I do know that the cybersecurity landscape will change significantly if any of this becomes true.
So, I’m not here to tell you stories in ten minutes. I’m here to moderate a panel. But before I do that I just want to pitch to you all our scenario launch event, which will occur at the National Press Club on April 28th, here in DC. So, if you want to learn more about that please come talk to me afterwards or visit our website cltc.berkeley.edu. We’d really appreciate engaging with you on all these issues. But here today we have a panel to start to answer these questions. And so I’d like to ask them to come up here, and we’ll be able to introduce them.
Further Reference
The Cybersecurity for a New America event home page