Trust me

A conversation with Richard A. Clarke on whether to “trust” or “risk” cyberspace.

“Trust” isn’t the first word that most folks associate with “cyberspace.” More likely it’s “risk.” So when former national cybersecurity czar Richard A. Clarke came to Santa Clara this October to deliver the keynote for SCU’s Trust Online conference, he shared strategies for making the Internet a little less risky for business and leisure—and less hospitable to crime, espionage, and fraud.

Consider this, Clarke said: “Massive amounts of data on corporate networks, on government networks, and university networks have been exfiltrated out of the United States over the last several years.” Indeed, the Pentagon had recently revealed that a hacker had not only penetrated its security but made a cyberforay into the secretary of defense’s office itself. The origin of the attack? It was traced to China. And consider that a week before the conference, Clarke said, hackers got into the system running the power grid in Idaho and took down a generator.

The Trust Online conference was co-sponsored by the Center for Science, Technology, and Society; the Markkula Center for Applied Ethics; the High Tech Law Institute; and Microsoft. Clarke observed, “If we didn’t have this university and its centers, we would probably conclude at the end of today’s meeting that we needed it.”

Beyond needing a university “in the middle of Silicon Valley where we can discuss ideas”—especially one like Santa Clara that is “one of the gems of California”—what else do we need to reclaim e-space from the bad guys? Clarke offered a few solutions, some of which are shibboleths to the left or the right:

National ID cards containing biometric data
Authentication online—at least for sites managing commerce or infrastructure
Increased regulation from the FCC—which the courts have ruled has the authority to make Internet service providers toe the line but, so far, has failed to exercise that authority. (“You don’t want government regulation?” Clark quipped. “Then just keep on letting your kids lick the lead off the Chinese toys.”)
Expanded use of a closed Internet for certain functions—e.g., the part that connects to nuclear labs or power grids
Improved quality of secure computer code to reduce the number of required patches and to eliminate trap doors
Establishment of a government champion of privacy rights and civil liberties with the power to actively oversee government activity—an action that would help restore some trust in government itself.
During the Q&A following his speech, Clarke was asked if there are other countries the U.S. should look to when it comes to cybersecurity. For online banking, Clarke offered Hong Kong—which requires two-factor identification. As for international policy bodies, Clarke recalled the first time that he sent an assistant to a meeting of ICANN, the international Internet regulating body. When the assistant returned, Clarke asked him how things went. The assistant answered with a question: “Do you remember the bar scene in the first ‘Star Wars’ movie?”

Gone phishing

The conference brought more disturbing news from the annals of fighting cybercrime: The crooks and would-be crooks are diversifying, getting more sophisticated and organized, and “malware” developers are being funded to develop new and more damaging attacks. That was the assessment of Dave Cullinane, eBay’s chief security and information officer, who, in a lunchtime keynote address, shared some findings of a recent analysis his company had conducted of threats online. One observation that many of his listeners could corroborate: Phishing scams are better than they used to be, increasingly slick in their look and feel, with the goal of hooking computer users into revealing their passwords.

Panel discussions that included security experts from TRUSTe, Microsoft, Cisco, and the Federal Trade Commission assessed that one of the major tasks in cybersecurity is to break the cycle of online attacks we now face. However, it will remain a parry-thrust game, where the advantage resides with the attacker, unless we can make changes in policy, technology, and how we as individuals interact online. —JC and SBS

post-image Former cybersecurity czar Richard A. Clarke Photo: Charles Barry
Fear and Hope in a Pandemic

In an online survey, an SCU psychology professor found those who prepared most for the pandemic had the most fear, and the most hope.

Salvē, World!

Classics students learn Latin by time traveling to Ancient Rome. Virtually, that is.

Pressing On

Meet Daniel Press, an environmental policy expert previously with UC-Santa Cruz, the new dean of SCU’s College of Arts and Sciences.

Oh Nunny

It’s the friendships we least expect that make us feel the most seen. Rita Kelly ’20 friendship with “Nunny”became a story of its own.