As society becomes ever more cyber-focused, the steady stream of “out with the old and in with the new” floods nearly every aspect of life. From self-driving cars to smart refrigerators, everyday items that once relied on the mechanical are now at the forefront of a digital push.
This includes cyberwarfare.
Denise E. Zheng, senior fellow and director of the Technology Policy Program at the Center for Strategic and International Studies, will address this very topic at 10:45 a.m. Friday in the Amphitheater. More importantly, she will address how we, as individuals and a nation, can prepare for this future.
“The average person is not engaged at the strategic level about what cyber warfare really means,” Zheng said. “But the average person plays a very important role.”
At the Technology Policy Program within CSIS, Zheng and her colleagues conduct research focused primarily on cyber and emerging technology policy issues, with a specific focus on cybersecurity, privacy and surveillance.
With a background in advanced research and development with the Defense Advanced Research Projects Agency, Zheng brings an expertise to tech policy that positions her as a resource for policymakers on Capitol Hill.
Zheng is clear about the fact that she is not a developer or a programmer. Her focus on policy means that she conducts research and presents data to legislators in Washington, D.C. Her research includes improving responses to cyberattacks and implementing more effective deterrents against those attacks from the outset.
It only takes one exploitation in a network to result in a successful cyberattack. This means that, in the battle between hackers and cybersecurity experts like Zheng, the hackers commonly have the advantage, Zheng said.
“On the defensive side, you have to defend the entire ecosystem. That’s difficult to do,” Zheng said. “An attack happens and vendors work to patch it up. But in turn, hackers come up with alternative methods to circumvent that. It’s a constant back and forth.”
Constantly working to adjust and keep up inherently presents cross-border issues and global challenges.
Cybersecurity and data localization standards and regulations are not uniform, Zheng said. They can vary at state and federal levels, not to mention internationally. What is standard in one state may not be in another. What serves as a regulation in one nation might not be strict enough for another.
“(Standards and regulations) come into conflict in a way that is unique to cyber,” Zheng said. “The internet extends across borders, so it’s a much trickier space to secure.”
Advising on the development of policy that does secure that space is exactly what Zheng hopes to do. Part of that means developing the human capacity to do the work within the field of cybersecurity. According to Zheng, this human capacity is vastly undernourished at present.
“There’s a shortage of skilled people who have the experience to fill the jobs that are out there, and that is significant in the U.S.,” Zheng said. “Our STEM (science, technology, engineering, mathematics) pipeline is not where it needs to be.”
Even if a person doesn’t pursue a career in cybersecurity, Zheng feels it is vital for all people to become more conscious of cybersecurity in their own lives.
“When (people) start caring about this, that’s when companies who make these devices, like smartphones and ‘Internet of Things’ devices, will start to care more,” she said.
While Zheng said people are becoming more aware of the threat of cyberattacks, she isn’t sure that most people ever feel the actual cost of a cyberattack. The number of people who have had their identities stolen is small when compared to the number of people who could have their identities stolen. This can lead to a false sense of security.
“Even when you have fraud on your bank account, it’s usually the bank that bears the cost of it,” Zheng said.
A solution that Zheng offers is for everyone to put more thought into the products they buy. People shouldn’t think just about cost, Zheng said, but about whether the products’ systems can be hacked and personal, private data accessed.
This awareness should not just exist at the everyman and everywoman level. It should run up the ladder to those who make decisions and enact legislative policies regarding the security and safety of cyberspace.
Zheng said there is awareness at the legislative level, in part.
“I think there’s a ton of appreciation for the risks that cyberthreats pose to a lot of different things, and people genuinely want to do something about it,” Zheng said. “There’s been a tremendous amount of investment, but it’s probably not enough.”
With the speed at which technology advances continually increasing, it might be hard to imagine what it will take to secure something as vast and complicated as cyberspace. The potential is there, Zheng said, but it’s going to require something big. From everyone.
“You need to invest in game-changing approaches,” she said, “and game-changing approaches cost a lot of money. They require collective action.”