Although some may think cyber threats require cyber retaliation, an intelligence community leader says differently.
Stephanie O'Sullivan, former principal deputy director of national intelligence, said cyber threats were a policy and standards problem as much as a technical issue.
“I deeply believe in our system, I deeply believe in Congress,” O'Sullivan said Monday at a talk entitled "Innovation and Diversity: How America can Compete in Cyber," hosted by American Grand Strategy. “I wish they would step up and be more authoritative.”
O'Sullivan was the associate deputy director of the CIA from 2009 to 2011, and was then nominated by President Barack Obama to serve as the principal deputy director of national intelligence. She was unanimously confirmed to the position by the Senate.
At Monday night's talk, she argued that as more and more of the physical world connects with the digital world, there is an increased need for security standards so that each device does not have a different protocol to address vulnerabilities.
“If you’re a consumer and every single device you have has a different squiggly password protocol, you’re going to be tired after the third one,” she said. "We need standards."
O'Sullivan also justified the existence of multiple intelligence departments that may seem duplicative.
"I really believe after working with different leaders...we’ve become an integrated community," she said. "The NSA works with the CIA, doing things together we couldn’t do separately."
When asked about threats the United States faces from vigilante groups, O'Sullivan acknowledged that North Korea has criminal hacker groups that have stolen money from worldwide financial funds and said that ISIS did a particularly good job of using the web as a recruitment tool.
Now, addressing threats like these has become more of a numbers game.
“In the age of artificial intelligence and machine learning, whoever has the most data wins,” she said.
O'Sullivan made the case for undergraduates interested in cybersecurity to go into the intelligence world instead of Silicon Valley.
Get The Chronicle straight to your inbox
Signup for our editorially curated, weekly newsletter. Cancel at any time.
“Industry builds systems, intelligence figures out how to use it correctly,” she said. “But the major reason is…working for something bigger than yourself. There’s something extraordinary about working in such a high-performing team.”
Junior Justin Sherman, co-founder and president of the Duke Cyber Club, helped organize Monday's event. He wrote to The Chronicle that O'Sullivan has reaffirmed the importance of cyber-related education at colleges, in terms of technical and policy areas of study that are open to all majors.
"[She] made important points about the low barrier of entry into offensive cyber operations," he wrote. "I agree with her view that North Korea is a prime example of this fact, because over the last several years in particular, the country's involvement in the likes of global ransomware attacks have shown that hacking other (traditionally more powerful) nation-states can result in a disproportionate gain—in this case, earning money—with often minimal risk."
His biggest takeaway from O'Sullivan's talk? American needs to get moving on cyber-related education.
"The United States needs to take swift, decisive action to educate our public about modern technology," Sherman wrote. "Without such an effort, coordinated at federal, state and local levels, we will certainly risk falling behind other countries on the world stage."
Bre Bradham contributed reporting.