Corporate security officers discuss technical ideas for the future

Feb. 13, 2015, 10:54 p.m.

In a panel on Friday afternoon at the White House Summit on Cybersecurity and Consumer Protection, the Chief Security Officers of five Silicon Valley companies argued for user-safe technology and warned of the cybersecurity challenges faced by small and medium businesses.

Moderated by Amy Zegart, a senior fellow at the Hoover Institution and the co-director of CISAC, the discussion centered on technical ideas for a secure future.

 

Safety, not security

In a panel moderated by Amy Zegart (left), Facebook Chief Information Security Officer Joe Sullivan (right) and four others discussed technical security ideas. (CATALINA RAMIREZ-SAENZ/The Stanford Daily)
In a panel moderated by Amy Zegart (left), Facebook Chief Information Security Officer Joe Sullivan (right) and four others discussed technical security ideas. (CATALINA RAMIREZ-SAENZ/The Stanford Daily)

A guiding theme for the event was finding ways to motivate behavior that promotes cybersecurity, especially for consumers.

Scott Charney, Microsoft’s corporate vice president of trustworthy computing, advocated for technologies that prevent users from having to become security experts. For example, terms of service agreements have shown that users will click ‘OK’ on almost anything, so the burden placed on consumers should be minimized.

Yahoo Chief Information Security Officer Alex Stamos agreed that greater attention has to be paid to the user.

“We’re really good at building secure products, but that’s not the fight anymore,” Stamos said. “We need to build safe products.”

Melody Hildebrandt, Palantir’s global head of cybersecurity, argued that there isn’t enough information for consumers to make informed decisions. Cars have safety ratings and food has nutritional info, she noted, but Internet-facing products lack an analogue.

“Most consumers don’t know the questions to ask,” Hildebrandt said.

 

Small and medium businesses

The panelists claimed that small and medium businesses face an uphill battle when it comes to cybersecurity. Stamos presented the recent Sony Pictures Entertainment hack as an example, arguing that SPE operates as a relatively small subsidiary of Sony.

Large corporations like Microsoft, Google, Yahoo and Facebook — each represented on the panel — are at an advantage because their cloud computing infrastructures require centralized security skills and resources. Facebook Chief Information Security Officer Joe Sullivan said that smaller businesses would be safer if they utilized cloud services and enabled optional security features.

The growing requirements of cybersecurity can also represent a barrier to entry for new companies. While Paypal grew up with relatively inexperienced hackers in the earlier days of the Internet, Stamos explained, new mobile payment apps are immediately confronted with experienced adversaries.

 

Future mindset

When the discussion turned to which technology would follow two-step authentication, Stamos asserted that “passwords are done” and Charney pointed to hardware-centric forms of authentication. Eric Grosse, the Google vice president for security engineering, brought along smart cards that he said he used as stocking-stuffers for his family over the holidays.

Zegart ended the event by asking each panelist to offer cybersecurity advice to CEOs. Hildebrandt focused on the importance of preparation.

“You’re going to be breached,” Hildebrant said. “Do you have a plan for it and a plan you’re confident in?”

Sullivan concluded by emphasizing the importance of leadership from executives.

“How a company approaches security is shaped from the top,” he said. “When the tone from the top is right, the company makes the right risk decisions repeatedly.”

Contact Joseph Beyda at jbeyda ‘at’ stanford.edu.

Joseph Beyda is the editor in chief of The Stanford Daily. Previously he has worked as the executive editor, webmaster, football editor, a sports desk editor, the paper's summer managing editor and a beat reporter for football, baseball and women's soccer. He co-authored The Daily's recent football book, "Rags to Roses," and covered the soccer team's national title run for the New York Times. Joseph is a senior from Cupertino, Calif. majoring in Electrical Engineering. To contact him, please email jbeyda "at" stanford.edu.

Login or create an account