Skip to main content

tv   Bush Presidential Leadership Forum - Cybersecurity  CSPAN  June 1, 2019 12:38pm-1:18pm EDT

12:38 pm
sunday from 12:00 to 2:00 p.m. eastern. >> up next, a conversation with michael chertoff and the ceo of unisys. they talk about cyber security threats and privacy issues raising the nation. afterwards, henry kissinger talks about foreign policy. this is part of president bush's leadership forum in dallas. today, we're going to be talking about technological transformations-- and threats. i'm eva chang and here at the bush center, we take things like
12:39 pm
technology and data very seriously. as i was thinking about this session, i realized, i actually use technology to create a ton of data on a daily basis, and i bet you do, too. let me give you an example. i'm a runner so this morning i got up. i put on this watch and i went for a run. when i got home, i used a digital code to get back into my house. i'll be honest with you, i have no idea where the physical key to my house is. by the time i was out of the shower, my watch had uploaded my run data to a service i subscribe to, and i already had a message telling me exactly how many miles i should run tomorrow and how fast i should run. i also had' text message from a good friend who saw my route and she said, let's meet up this weekend and run that same route. when i got in my car, i asked my car which
12:40 pm
route i should take to work to avoid the most traffic? yes, we're talking to our cars now. it's like living with the jetsons. i also asked my car to go ahead and order my starbucks because i didn't want to wait in line. my route had a toll road. i get on the toll road, a camera takes a picture of my front license plate. i'm sure a bill is being generated as we speak. it will be sent to me and automatically paid by my bank account. i will never see that bill. i get starbucks, my cell phone remembers the wifi, it connects, i send a quick email, grab my drink, come over to the bush center and i enter this very secure building with an electronic badge. look at all that data that i created before 7:30 a.m. this morning. i love data. it's why i have this job. it makes my life easier. however, if i sit and i think about it too hard, it is a little creepy. where does all that data go? who has access to
12:41 pm
it and what are they using it for? i had this thought. if i wanted to delete that digital trail that i created this morning, die even have the authority to do that? and then, i hear stories on the news, and i bet you've heard these, too. this major bank was hacked. that large corporation lost sensitive customer data. this is one of my favorite. a relatively new pentagon policy that bans this kind of wearable technology because it turns out that feature i love where my friend can see my route and meet up with me is not such a good idea when you have soldiers running around secure military bases uploading their routes, right? and some governments have taken this too far. in china, they are actually assigning their citizens a social credit ranking, based on some of that big data i mentioned. what happens if you have a bad ranking score. well, they will prevent you from getting on trains and planes and traveling inside and outside of the country. so, we're living in an
12:42 pm
amazing time with amazing technological advances. however, could some of those technological advances be a weakness? not just to me and you individually, but to our national security? so, we have a lot of questions about this that we want answered. luckily we have two fantastic experts who will come out and help us answer some of these questions. i want to let you know, you will have a chance to answer questions. so have them ready if you have some questions. our first panelist is mr. peter -- chairman of the board of unisys corporation and importantly to this discussion, he's a member of the president's national security telecommunications advisory committee where he co-chairs the cybersecurity moon shot initiative and if you have never heard about that, that's okay, you will learn about it today. very importantly, peter actually
12:43 pm
just won a very prestigious award called the eagle award for his work in helping us to make the internet safer. we also have secretary michael chertoff. we all know him as the former secretary of the department of homeland security under president george w. bush, where he worked on things like border security, immigration policy. he spearheaded the first national cybersecurity initiative, and prior to that, he led the investigation of our 9/11 terrorist attacks. so will you please help me in welcoming our guest to the stage. [applause] >> thank you. you heard that very scary introduction that i just gave both of you and in preparing for this session, secretary chertoff, i read your book, exploding data, reclaiming our cybersecurity in the digital age, and one thing that stunned
12:44 pm
me is how much data we actually produce as individual citizens, so can you talk about, what do you think would surprise people in the audience about how their data is being used. >> thank you, and i think people describe date as the new oil or the new gold. it's probably the most precious natural resource, but here's a surprise even i got. yesterday i was reading in the "washington post," and there was a story about an application called ovia, which maybe some of you have heard of. apparently this application, which is essentially commissioned by employers allows or perhaps pressures employees, female employees to log everything relating to pregnancies, efforts to get pregnancy, how the pregnancy is going, and when the baby is born, birth weight and all the characters of the baby. the idea is presented as, this is supposed to help you maximize
12:45 pm
the possibility of a safe and healthy pregnancy. but the employer gets access to the data which is theoretically, quite detailed about every facet of your temperature, what you're eating, what your heart rate is, and any indicators with respect to the health of the fetus, all of this becomes part of the app and for those who want to kind of put a lot of faith into the idea that the data is anonymous, i have two words to say to you, cambridge analytical. the reality is, we generate often willingly, sometimes with only imperfect knowledge, and sometimes completely unwittingly, enormous amounts of data and the thing to remember
12:46 pm
is, it's not just kept in silos. it's often combined either up in the cloud, so there is visibility, of course, all of the silos, or people sell it. there is a market for this, so that winds up giving a granular view of the way we live far beyond what even george orwell could have imagined when he wrote "1984." >> so that's from an individual level. we sign up for these aps, we get our data collected, but peter, tell us about the national perspective. you're in this a lot. you're doing a lot of advising. what do you think from a national perspective and how are people wrapping their minds around this? >> eva, that's a great question. from the national perspective, i think the biggest question we have is, when does the united states have its sputnik moment around cyber? by that, sputnik was the first satellite into space, in 1957, everyone expected it to be an american satellite and the russians beat us to it. that was the wake-up call that started a lot of other things. the question really is for us, are we going to wait for an actual sputnik? or are we going the start acting now ahead of that? one could argue, 2014, 21 million americans had their records stolen, and the records
12:47 pm
went very deep. almost all federal employees, people with security clearances, my security clearance file is a hundred pages, it's gone. that wasn't enough for us to have a sputnik moment. to the secretary's point about personal data, in 2017, we have 148 million americans that lost their equifax credit data. it was more than just credit reports. it was social security numbers. it was telephone numbers. it was addresses. it was pretty deep. none of that has moved us as a country, so there is a framework called the c.i.a. triad. c.i.a. is not the intelligence division. it's confidentiality, integrity, and
12:48 pm
accessibility. it's exactly what eva was just talking about. people taking data, the opm data, people taking the equifax data, people taking the biology data that the secretary referred to that doesn't seem to be enough, to trigger this sputnik moment. so the next level of that triad is integrity. so what happens when we move from someone taking data to actually manipulating that data, and then using it back at us for bad purposes? as an example, you're a hospital patient and you're either a target of someone who wants to do harm or just a terrorist who wants to make an example of you, and you have a certain blood type. they have infiltrated the data. on the operating table, they change the blood type. so the surgeon thinks you have a different blood type and gives you different blood. so that would
12:49 pm
be a manipulation of the data. the third would be accessibility. and so that, obviously, we're aware that certain countries have infected our power grid with software and firmware. it's not being used, but if it was to be used and if it was effective which is unknown would you have an accessibility problem in shutting down the power grid. two countries have had their sputnik moment, wis stone yeah and ukraine with an attack on their power system. if you live in either of those two countries you've had your sputnik moment. they are extremely aware of these issues. the real question is do we wait or act? >> just to add on the integrity example that you gave, imagine you have an automated system that's handling your blood transfusion or some kind of infusion therapy and that has
12:50 pm
the data altered, and there is not even a human being to look at it and kind of raise a question about it. >> so peter, you brought up the bad guys, and i think we've all seen the scary movie where a terrorist takes over our grid and it reminds me of this morning when our c.e.o. ken was talking about this geneva convention idea that we have for international warfare. michael what do you think about this? are there norms for this kind of attack? should there be norms, what is an example? >> there is a dispute not surprisingly between the western countries and russia and china about the public abilities of international or cyberconflict. i won't say cyberwarfare. the russians and the chinese are more skeptical. i think most western countries believe that the traditional laws of war and armed conflict would apply in cyberspace. the challenge is deciding when you've cross at the threshold between ordinary cybermalicious activity into the realm of conflict. but there is also a more general issue about
12:51 pm
norms. there are some things even the russians and the chinese could agree with the west about. for example, there is work being done on someone involved in this, in developing norms on not attacking the availability or integrity of data, on the financial system. it's a global financial system. and because every country in the global economy needs to use that system in order to transact business, there may be enough of a shared interest that you can get a global agreement on this. or, for example, the global commission on stability in cyberspace, which i'm co-chairing, has published a norm on protecting the public core of the internet. trying to get general acknowledgment that if we don't take steps that would undermine the general availability of integrity of the internet as it functions globally, so without being naive or poly annish, i do think there
12:52 pm
are areas of shared interest but frankly, there is difficulty sometimes in drawing lines on where a cyberattack begins or how you attribute, it's going to be more complicated than in the physical world. >> and you mentioned, business have an interest in agreeing to this, what about governments, do they also have a shared interest in signing up for these >> i think so because governments also depend on the availability, for example, of the public core to deliver basic services so much the same way as most countries agree with except for rogue nations, agreeing with the general outline of the geneva convention, even if they aren't always honored, i think there is enough mutual interest in some of these norms so governments will have an incentive to participate. in many ways, though, private sector may lead and because much of the infrastructure is in private hands, that's actually very powerful issue. we've seen it in our own country, where a number of cybercompanies decided
12:53 pm
after the snow revelations, that they were going to be very transparent about making sure that whenever there was a request from the government to access data, it was done strictly according to the law, turning square corners, and that's had a real impact in the world so the companies can be leaders in this.
12:54 pm
12:55 pm
12:56 pm
12:57 pm
12:58 pm
12:59 pm
1:00 pm
1:01 pm
1:02 pm
1:03 pm
1:04 pm
1:05 pm
1:06 pm
1:07 pm
1:08 pm
1:09 pm
the enterprise some cap on liability, which would make it easier to ensure them. >> i think we have time for one more question. up in the front. >> fascinating topic. we are all getting paranoid. i feel like my phone is listening to me, my tv is watching me. i can merely talk about a destination now and an ad for that trip shows up on facebook. is that true and how to protect ourselves? -- how do we protect ourselves? a and >> unfortunately, it is true. there have been stories about echo and similar devices, echo or siri, or alexa, these end up recording you.
1:10 pm
there was a story about someone who was recorded and the recording was sent to a third party. some of these are design problems. some, particularly as you get to the internet of things are questions for you about, do you really want this device? i am perfectly capable of turning on the tv myself. i don't need echo or alexa to do it for me. part of my argument to people is the ought to be mindful. i do wear an apple watch. that is great, but i would not blindly accept the view that having ourselves surrounded by smart devices when the risk reward ratio may be suboptimal grid -- suboptimal. there have been stories about televisions being able to detect where your eyes are when a particular ad is on so that the vendor can determine what kinds of ads are more compelling to you and maybe at some point we do wind up with legislation or regulation that says you must
1:11 pm
tell the consumer with clarity exactly what is being done with their data, was being collected, as a condition of a needle to sell. in much the same way that you have to list ingredients for food that has to be accurate. >> now, we are all ready terrified i think. but, this session is called technological transformations. i talked about how we are living in an amazing time. let's end with you telling us what you're excited about. this technology does help us. take the order you want to go in, but tell us what you're excited about.
1:12 pm
>> i will start i guess. this is a conversation where we have to be deliberate. we have to invest the time and money to protect ourselves. but we can't run scared. ken mentioned in the first speech the importance of our system of government. the importance of democracy. the importance of our economy. this is capitalism. we encourage innovation. we encourage movement of capital. it is ok for people to fail in this world and then you restart. all that gives us a tremendous of antigen using these technologies to create jobs, to build new economies and to advance
1:13 pm
humanity. we are 21 years into the google search engine. we have not yet hit a dozen years for the iphone. you know have most of the knowledge of humanity literally at your fingertips. where we go with that is hugely positive. the technologies we mentioned earlier -- 5g creates a mesh network, it is much faster, more reliable. it will be the enabler for autonomous cars. autonomous car's don't really become fully enabled on widescale without 5g. biometrics is going to make us much more secure than your mother's maiden name. artificial intelligence, we may not all use alexa. alexa is four years old. we have gone from the excitement of being able to say i want to hear a specific song to voice recognition has ignore miss --
1:14 pm
has enormous potential. you heard about the computing power of quantum. there already studies about what it will do to machine learning. there are already studies about what it will do to genetic research. yes, you have the downside of, it could defeat current encryption. you have to build quantum protected encryption. then you have to go to the good stuff. i would say we need not lose our courage. we have the right system of government, we're got the right economy. we are just missing a focus on helping us defend ourselves. >> i agree with that. i may take a little bit of fun at the expense of alexa and echo, but in the area of health, in the area of the environment, at mitigating climate change, things of that sort, we are going to find tremendous potential with some of these technological tools, which will both make us more efficient and healthier. one example is -- and maybe we're at the point now where if you have an episodic type of heart ailments that can otherwise cause a stroke, you can wear a
1:15 pm
device that will detect that and have an emergency vehicle come right away will become a life-saving thing. there is a lot of potential in that discussion about smart cities, which would reduce pollution and make energy use more efficient and actually make life more pleasant, because you won't have to wait in traffic. that being said, there is an important dimension to this. security has to be built in i design. what has not worked in the past is let's push something out to the consumer and afterwards we think, we didn't secure it or didn't think about how it gets controlled and now we have got to run around and retrofit it. there is an enormous amount of promise in this, but the promise requires us to be thinking about issues like security and privacy at the design and implementation stage. finally, i would say this. you don't have to aspire to perfect security that you will never get penetrated. no matter how good the security is, you will, just like you can't actually dr. -- you can't ask your doctor, how can i make sure i will never get sick? that is when you have an immune system. we need to build immune system's within our technology. we will
1:16 pm
be penetrated, but that is where resilience and internal defenses allow you to mitigate the problem and recover from it. a realistic understanding of what security means coupled with an appropriate design stage allows us to capitalize on the promise of this technology >> one of the things that makes me feel hopeful about getting to know you is that i truly think we have some of the brightest minds in our country thinking about these issues deeply. i do
1:17 pm
have one more announcement for you, but before that, can you join me in thanking our panelists for joining us and spending their time on this topic today. [applause] thank you for being here. i must say that i am very nervous and i don't usually get nervous. when i called dr. kissinger in the fall and ask if you would be here in april, i was near my hero. your booking nine months out last september. everybody wants to know, what is your secret? >> for what? for survival? [laughter] i chose my parents well. [laughter] >>


info Stream Only

Uploaded by TV Archive on