Former White House Advisor: Marry Infosec To EconomicsMelissa Hathaway, former cybersecurity policy advisor to the White House, says the security and economy agendas should go hand-in-hand, and Western nations' use of surveillance technology is 'alarming.'
GTEC CONFERENCE, OTTAWA -- Former cybersecurity advisor to the White House Melissa Hathaway says Western democratic nations' current use of data collection and surveillance technologies is "alarming" and that to improve Internet security, nations need to wed their infosec agenda to their economic agenda.
Hathaway, now president of Hathaway Global Strategies LLC, will present a keynote speech on the topic "Transparency, Trust, and the Internet" in Ottawa this week at the GTEC conference, an event now in its 23rd year and0 focused on the Canadian ICT sector.
"I think it's alarming what's happening in Western countries," she says, referring to information gathering, data discovery requests, and surveillance activities conducted by these governments' agencies in the name of security of the state or political stability.
The issues are not unique to the West, either. Hathway notes that she just returned from India, where a debate over encryption is underway, similar to the one ongoing in the United States. In the U.S., law enforcement and intelligence agencies have been lobbying for backdoors, key escrows, weaker cryptographic algorithms, or other methods that would make it possible for law enforcement to read encrypted data.
"I do not believe that any government should weaken technology," Hathaway says. "Even if you're doing it for safety concerns, there will be criminals who" find a way to use it for criminal purposes.
Compounding the surveillance issue, says Hathaway, is that private sector companies like Google that have extensive stores of citizen personal data and/or communications "are being deputized as law enforcement" by being asked to look for suspicious activity and content. "It's a very fine line that is being crossed now," she says.
It's a growing problem, because more large-scale data aggregators will enter the market as the Internet of Things expands. Yet, as Hathaway explains, neither citizens nor enterprises can adequately protect themselves from the risks this presents -- without knowing who has your data and how they're using it, citizens cannot adequately assess the risk to their privacy, and companies cannot adequately assess risks to their company presented by third-party suppliers.
"I think there's not a lot of transparency, and I think that's somewhat deliberate," Hathaway says. "Google doesn't want you to know all the ways it's using your data."
A 'Capital Conversation'
In order to make Internet security a national priority and truly bring about change, says Hathaway, "you have to make this a capital conversation."
Nations can increase their gross domestic product by connecting more citizens (and things) to the Internet, Hathaway says. She points to Gartner's estimate that the near-term global economic opportunity generated by the Internet of Things is $19 trillion. "If you don't invest in security, you're pretty much guaranteed to lose 1 to 2 percent of your GDP," she says. ICT investments will generate gains of GDP, but without the appropriate security measures, says Hathaway, there's a threat of those ICT investments becoming a "net zero."
She offers some suggestions for moving the needle in the right direction.
First "we can't divorce the economics from the security," says Hathaway, "and they have to be married from the top."
She also recommends the U.S. winnow down its official list of 16 critical infrastructures to just three -- energy, financial services, and telecommunictions -- to better focus their priorities and resources.
"Then, becuse we have a lot of vulnerable products ... it's essential we start cleaning up our own infected infrastructure," says Hathaway. "These are three doable things for any sitting government that wants to own this problem."
Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio