On Monday, we were honored to host the second Ntrepid-SSP Cyber Symposium. The Symposium focused on the Office of Personnel Management (OPM) Data Breach, featured presentations by this spring’s two Ntrepid Cyber Fellows followed by a panel discussion. The event served as a great platform to discuss the national security implications of the OPM Data Breach, and drew more than 50 people from Georgetown, Ntrepid, the national security community, as well as general industry practitioners.
Ntrepid Cyber Fellow Katherine Hasty delivered the first presentation, entitled Exploiting the Seams: The OPM Breach and Chinese Soft Power. Her presentation explored China’s soft power doctrine and how the OPM Data Breach, and the data gleaned from it, fits into this doctrine. This was followed by Ntrepid Cyber Fellow Michael Sexton’s presentation entitled Learning from the OPM Breach: the Risks and Benefits of New Security Technologies in the U.S. Government. In his presentation, Michael proposed a number of innovative technologies, including browser isolation, that can help the government mitigate future breaches.
The panel, which I had the honor of moderating, featured three cyber experts from industry and academia: Professor Katherine Gronberg, VP for Government Relations at ForeScout and Professor at Georgetown’s MSFS; Andrew Borene, IBM Senior Executive for Strategic Initiatives and Nonresident Fellow at SSP; and Dr. Robert Tomes, Adjunct Professor at SSP. Their discussion continued the event’s focus on the OPM Data Breach, and explored the ways in which the breach impacts national security on a broader level.
Some of the critical points raised were:
- Tools are only as good as the people behind them. It is important that the national security community continue to invest in hiring the best and brightest and providing them with the training needed to succeed in the cyber domain;
- Cyber is not a stand-alone issue. As decision makers explore options such as deterrent policy in cyberspace, they must look at the issues holistically and understand that non-cyber policies can have cyber implications and vice-versa;
- In today’s environment, people should assume they’re compromised. As one panelist noted, there are two types of people: those who have been infected and know it, and those who have been infected and don’t yet realize it.
As the last point highlights, the current cyber landscape is one where people’s security is constantly at risk. This is even more of a concern for those in the national security community whose data was exposed in the OPM breach. As the panel noted, adversaries can leverage their data to target breach victims now and in the future. And even though victims may enjoy greater security while inside the perimeter of their employers, when they return home they become significantly more vulnerable. To that end, Ntrepid has been leading an effort to extend the security perimeter for OPM Data Breach victims who work in the community, in the hopes that they can browse securely and free from attack in the comfort of their homes. We have engaged extensively with Members of Congress, officials from across the national security community, and leading industry groups whose members work in the community — and while we will tirelessly continue this engagement, we also cannot rest knowing that fellow members of our community are vulnerable, which is why we announced earlier this year that we are making our secure browser, Passages, available for free for one year to those impacted by the breach. We hope this step, and the year of coverage, will give the community the time it needs to take the steps necessary to extend the security perimeter to all those who safeguard our national security.
All-in-all, the second Ntrepid-SSP Cyber Symposium was a great success — a tribute to the immense partnership between Ntrepid and Georgetown’s Security Studies Program. Moreover, the quality of the presentations and ensuing dialogue highlighted the caliber of the students at Georgetown’s SSP, and the value that the academic world can bring to today’s pressing national security issues. We look forward to future Cyber Symposiums and the continued contributions of Ntrepid’s Cyber Fellows!
If you missed the event, please keep an eye out for podcasts of the Fellows’ presentations, which will soon be uploaded to our site.