Hackers demand ransom for California voter database
MIT wants to set drone cybersecurity policy
A former top Obama administration official is hoping to help establish cybersecurity policy for driverless cars, delivery drones, and health and financial data.
Daniel Weitzner, President Obama's deputy chief technology officer from 2011-2012, will head a new cybersecurity policy initiative at the Massachusetts Institute of Technology (MIT).
Policymakers are shooting in the dark with cybersecurity, Weitzner said. Congress hasn't passed substantive cybersecurity legislation in years, despite a consensus among lawmakers that something should be done.
"This is the state of cybersecurity policy today: growing urgency, but no metrics and little science," Weitzner said.
It's part of a broader effort at three universities to tackle cybersecurity challenges. The research is backed by a $45 million grant from the Hewlett Foundation, a charitable organization launched by the co-founder of tech giant Hewlett Packard.
"Choices we are making today about Internet governance and security have profound implications for the future," said Hewlett Foundation President Larry Kramer. "We view these grants as providing seed capital to begin generating thoughtful options."
Stanford University will focus on creating trustworthy networks, and the University of California, Berkeley will take the long view, determining what cybersecurity might look like decades from now.
MIT will examine the immediate policy concerns, such as how to protect vulnerable financial and medical data, as well as emerging technologies like self-driving cars and drones.
Breaches at banks like JPMorgan and at medical care facilities like Community Health Systems have technologists worried about private industry data security requirements.
Government agencies have also experienced a slew of hacks, highlighting the outdated federal information security laws.
And while some government regulators have started to issue initial rules for self-driving cars and drones, no long-term policy has been set.
Lawmakers have targeted these as pressing issues, but there is little research on the security of these systems, Weitzner said.
Weitzner and his research team are well-equipped to bridge the gap between research and policy, he said.
"We're very good at understanding the system dynamics on the one hand, then translating that understanding into concrete insights and recommendations for policymakers," he said.
The university is home to some of the nation's most critical cybersecurity technology, including the cryptographic algorithm protecting most online financial transactions.
"That gives us the ability to have our hands on the evolution of these technologies to learn about how to make them more trustworthy," said Weitzner.
Congress has largely stalled on cybersecurity since former government contractor Edward Snowden disclosed a number of government surveillance programs more than a year ago.
Since then, the focus on Capitol Hill has shifted to surveillance reform, with many worried cybersecurity legislation won't move until Congress curtails the National Security Agency's authority.
Tuesday night, the Senate failed to move forward on bill to do just that, the USA Freedom Act. The measure would have ended an NSA phone metadata collection program and increased transparency of the secretive court that oversees the agency.