Harvard’s Jonathan Zittrain and James Mickens Discuss Cybersecurity

Ten or more years ago, talk of cybersecurity risk comprised mostly of concerns about being hacked or downloading malware. But the stakes have increased considerably in the past decade, Berkman Klein Center for Internet & Society Directors Jonathan Zittrain and James Mickens discussed with an online audience last month. Professors Zittrain and Mickens explored concerns that the more algorithms are involved in decision-making and the more an assortment of devices are interconnected, the greater the chance for a security breach to have huge societal impact.

The online conversation titled, “Cybersecurity: How Far Up the Creek Are We?,” examined many issues associated with the security of our society’s interconnected systems –from personal smartphones and wi-fi enabled refrigerators to electrical grids and transportation controls. A few of the topics discussed include:

• Building security into the design process – “Trying to achieve security is something of a design attitude—where at every level in your system design, you are thinking about the possible things that can go wrong, the ways the system can be influenced, and what circuit-breakers you might have in place in case something unforeseen happens” – Professor Mickens
• Options for security oversight – “Does there need to be a regulatory board for people producing code, and if not, what would incent the suppliers to worry about systematic risks that might not even be traced back to them?” – Professor Zittrain
• Ethics of security – “There’s no simple way to figure out if our system is going to be used ethically or not, because ethics itself is very poorly defined. And when we think about security, we need to have a similarly broad attitude, saying that there are fundamental questions which are ambiguous, and which have no clean answer … we need to be more imaginative than we are right now.” – Professor Mickens

Looking beyond the traditional boundaries of protecting data or code from bad actors, Professor Zittrain expressed:

If we try to hold constant for a moment the definition of the project of cybersecurity and its boundaries, the 2010 definition such as it was, there are enough best practices emerging … do we use a free and open source software model, do we use an industry council, do we use government? Now, as we move towards an ever larger definition of cybersecurity where there aren't best practices anymore for these larger societally implicating systems, I find myself a little more at sea again.

Watch the full talk: “Cybersecurity: How Far Up the Creek Are We?” on the Berkman Klein Center’s site. The podcast and transcript is also available on this page.