Hi every­one. I don’t look very much like Steve Weber, but he sends his regards that he was­n’t able to make it today, and I’m still thrilled to be here. In his stead, I’d like to tell you a lit­tle bit about our orga­ni­za­tion, The Center for Long-Term Cybersecurity, and then we’ll tran­si­tion into a great pan­el which will give some more thoughts about the Internet. But first, The Center for Long-Term Cybersecurity. 

So, why long-term? We’re not try­ing to dou­ble down on today’s issues. That’s not where we think the basic sci­ence research we can make the great­est dif­fer­ence at the mar­gins. Instead, what we’re try­ing to do is to see over the hori­zons, look­ing at essen­tial­ly a five-year time frame, and iden­ti­fy what will be the cyber­se­cu­ri­ty land­scape in that con­text, and hope­ful­ly begin in 2016 point­ing in our pol­i­cy and research agen­da to try to solve some of those prob­lems. The hope is to get out ahead of some of the issues and devel­op solu­tions, or at least par­tial solu­tions, or at least bet­ter under­stand­ings of the prob­lems before they become crises. 

So, we have three essen­tial prongs of activ­i­ty. First, research. We recent­ly announced one mil­lion dol­lars or just less than that in basic research fund­ing to twenty-three projects across Berkeley. And those projects include some of the more tra­di­tion­al issues of cyber­se­cu­ri­ty, like social manip­u­la­tion. But they also include some more inno­v­a­tive ideas. Bio-sensing, or arti­fi­cial intelligence. 

Second, edu­ca­tion. We think that edu­ca­tion is at the core of our mis­sion, and so we’re try­ing to improve the cyber­se­cu­ri­ty pipeline, as I know we were talk­ing about in the ear­li­er pan­els. And so stay tuned for more announce­ments on exact­ly what that will look like in the weeks to come. 

And final­ly and per­haps most rel­e­vant­ly here in DC we’re inter­est­ed in real-world rel­e­vance. We don’t want to just be a group that’s sit­ting up on the ivory tow­er, but we want to engage with pol­i­cy­mak­ers, with gov­ern­ment, with edu­ca­tion­al insti­tutes, non­prof­its, and of course com­pa­nies. And it’s in that vein we’re begin­ning some spe­cial­ized work on sce­nar­ios for the future of cybersecurity. 

So, sce­nario plan­ning is a proven method­ol­o­gy for think­ing about how the future might unfold, and devel­op­ing research and pol­i­cy ques­tions in the face of uncer­tain­ty. So, what we’re doing here are pre­dic­tions, but they’re ways of think­ing about the future. You pre­pare for the big issues, and even if they don’t man­i­fest in pre­cise­ly the same way that you thought they would, if you’ve done a good job you’ve essen­tial­ly rehearsed the future and you’ll be bet­ter pre­pared for things that do happen. 

So let me give you an exam­ple. If any­one can pro­nounce this I’d be very grate­ful, but if you remem­ber there was this vol­cano that erupt­ed in Iceland in 2010, and thou­sands and thou­sands of flights were delayed. Nobody fore­saw that erup­tion, and no one had a plan in place to deal with it. But there was one express pack­age deliv­ery com­pa­ny that had done sce­nar­ios, not on vol­ca­noes but on avian flu a few years ear­li­er. And in the course of doing that they explored the con­se­quences of air trav­el shut­ting down for a few weeks. When air trav­el did shut down, the com­pa­ny rec­og­nized the prob­lem based on their avian flu sce­nar­ios and they were able to get ahead of it. And that’s pre­cise­ly our objec­tive with regards to cyber­se­cu­ri­ty future. 

So, speak­ing of the future, what about the Internet of Things? The Internet of Things means not just com­put­ing things, but every­day things. Sensors, actu­a­tors. It means that my refrig­er­a­tor will order replace­ment milk for me before I run out, and that your watch will not just track your heart rate and steps, but your over­all health. Five years from now it may be that the only excep­tion­al things are not con­nect­ed. To be nor­mal is to be connected. 

Once IoT is every­where, the nature of cyber­se­cu­ri­ty will change, too. Cybersecurity today, in most peo­ple’s minds, is about attack­ing and defend­ing net­works and data sets. Confidentiality, integri­ty, and avail­abil­i­ty. In the near future, it will still mean that, but it will mean a lot more. In an IoT world, the cyber­se­cu­ri­ty agen­da will be about the data sets these con­nect­ed things gen­er­ate. It will be about the actions that sys­tem take on the basis of those data sets. It will be about the algo­rithms that inter­vene between data and action.

But it will also be about the impact of automa­tion and robot­ics on jobs. It will be about—not opposed to but about—privacy, safe­ty, secu­ri­ty, and the issues between the three. The big point: cyber­se­cu­ri­ty is about what peo­ple val­ue at the inter­sec­tion of human beings and machines. 

In one of our orga­ni­za­tion’s five sce­nar­ios, we’ve explored how this might play out in an IoT world. And our sce­nar­ios focus on the year 2020, so that’s the goal here. So, the con­ven­tion­al wis­dom is that by 2020 IoT will be every­where, but dri­ven by pri­vate indus­try. Nest, Samsung, BMWs, etc. The vision of the con­nect­ed home and con­nect­ed car. In our sce­nario, we see the same out­come but a dif­fer­ent cause. IoT is instead, and per­haps sur­pris­ing­ly, dri­ven by gov­ern­ment get­ting back into the busi­ness of doing things. 

Now, I live in Northern California, and you may have heard we have a big drought going on. What if Jerry Brown decides his ulti­mate lega­cy as Governor in the state is to cre­ate an Internet of Water? A ful­ly sen­sorized equiv­a­lent of a very smart grid, but for water not for elec­tric­i­ty. What if it works to reduce the usage of water in the state by 40%? (A rea­son­able con­jec­ture.) Without any com­pro­mis­es of note in lifestyle, we can get to water our gar­dens and take show­ers again. In our sce­nario, gov­ern­ments like the State of California lead the way to the adop­tion of smart IoT. 

Will South Korea by 2018 be the first coun­try to get uni­ver­sal smart roads con­nect­ing cars to roads and cap­tur­ing an increas­ing amount of the dri­ver­less car indus­try as a result? Will the brand new Zuckerberg Foundation lead the way in 2019 in fund­ing IoT in devel­op­ing mar­kets to bet­ter ensure ser­vice deliv­ery? Will health­care com­pa­nies start giv­ing dis­counts to users who vol­un­tar­i­ly ear Fitbit 3.0 devices, track­ing health out­comes. I don’t know the answer, but I do know that the cyber­se­cu­ri­ty land­scape will change sig­nif­i­cant­ly if any of this becomes true. 

So, I’m not here to tell you sto­ries in ten min­utes. I’m here to mod­er­ate a pan­el. But before I do that I just want to pitch to you all our sce­nario launch event, which will occur at the National Press Club on April 28th, here in DC. So, if you want to learn more about that please come talk to me after­wards or vis­it our web­site cltc​.berke​ley​.edu. We’d real­ly appre­ci­ate engag­ing with you on all these issues. But here today we have a pan­el to start to answer these ques­tions. And so I’d like to ask them to come up here, and we’ll be able to intro­duce them. 

Further Reference

The Cybersecurity for a New America event home page