Agenda and Topics
The forum will be organized around modules that each provide in-depth topical study, and will bring together a diverse set of legal scholars and practitioners, technology experts, business leaders, and policymakers in a conversation about how to work together to meet the most pressing challenges.
Thursday, March 30
3:00 p.m. – Optional Yale campus tour
7:00 p.m. – Opening Dinner: Welcome & Remarks
OONA HATHAWAY, Director, Yale Cyber Leadership Forum; Professor of International Law, Yale Law School
Friday, March 31: Mapping the Divide
9:00 a.m. - 10:00 a.m. – The Technical Threat Landscape
ERIC STRIDE, Senior Vice President, root9B
What does the cyber threat landscape look like today? Where are threats coming from? What are the motivations of the actors behind these threats? How do the varying motivations affect the nature of the threats and the available responses?
10:00 a.m. - 10:30 a.m. – Encryption is Not (Quite) a Panacea
JOAN FEIGENBAUM, Department Chair and Grace Murray Hopper Professor of Computer Science, Yale University
Careful use of strong encryption is our best defense against theft of data and unwanted surveillance. Despite the banality of that observation, many organizations and individuals that are responsible for valuable data don't use encryption or use it incorrectly. Moreover, there are common information-security problems that encryption cannot solve. Feigenbaum will review both the power of encryption to protect digital resources and the limits of that power. She will then turn to the questions of why encryption is not used more often and more effectively and what Cyber Forum participants can do to improve the situation.
10:30 a.m. - 10:45 a.m. – Coffee Break
10:45 a.m. - 11:15 a.m. – A Breakthrough Toward Hacker-Resistant Operating Systems: CertiKOS
ZHONG SHAO, Professor of Computer Science, Yale University; Leader of the CertiKOS team
The construction of secure and functionally correct systems software has been one of the grand challenges of computing since at least the mid-20th century. Recent advances made by the CertiKOS team at Yale demonstrate that it is indeed feasible and practical to build certifiably hacker-resistant operating systems that additionally provide evidence - through machine-checkable mathematical proofs - that the operating systems are free of any loopholes.
11:15 a.m. - 11:45 a.m. – Active Defense: Malware Takedowns and International Cyber-Crime Enforcement - A Public/Private Model
RICHARD DOMINGUES BOSCOVICH, Assistant General Counsel Digital Crimes Unit, Microsoft
Today more than ever, both law enforcement and the private sector are grappling with the question of what is the most effective mode of deterrence regarding cybercrime and what is the most effective use of resources. Is it better to systematically and persistently disable infrastructure quickly and at scale, even if the cybercrime “kingpin” is never identified? Is it better to invest six years and millions of dollars to identify, prosecute and convict a handful of the most high-level players, even if the crimes continue during that period? This discussion explores options for enforcement, pros and cons, and potential strategies and tradeoffs in the borderless world of cybercrime.
11:45 a.m. - 12:15 p.m. – International Legal Framework
12:15 p.m. - 1:30 p.m. – Keynote Conversation & Lunch: Securing and Growing the Digital Economy - Perspectives from the Commission on Enhancing National Cybersecurity
SAMUEL PALMISANO, Chairman, Center for Global Enterprise; Vice Chair, Commission on Enhancing National Cybersecurity; Former Chief Executive Officer, IBM
Moderated by EDWARD WITTENSTEIN, Executive Director, Johnson Center for the Study of American Diplomacy, Yale University
In December 2016, the Commission on Enhancing National Cybersecurity delivered its final report to the President, offering a series of recommendations to strengthen and streamline the federal government’s cybersecurity efforts over the short-, medium-, and long-term. This lunch conversation will provide a first-hand account of the Commission’s 10-month investigation, and the perspectives offered by senior cybersecurity experts across government, academia, and the private sector. How did the Commission arrive at its findings and what are the prospects for implementation going forward?
1:30 p.m. - 2:30 p.m. – The Regulatory and Legal Landscape: What Law Governs?
VIVEK MOHAN, Global Privacy Law and Policy, Apple Inc.
MEGAN STIFEL, Founder, Silicon Harbor Consultants; former Director for International Security Policy, National Security Council
Moderated by OONA HATHAWAY
A vast range of legal and business considerations render incident response a task that cannot solely be handled by information security personnel. In responding to information security incidents, companies need to manage regulatory risk, government/law enforcement cooperation, privilege issues, international considerations, notification obligations, and more, all while dealing with timely imperatives to actually mitigate and investigate the incident. The totality of considerations applicable to the company must be understood well before an incident occurs to ensure incident response plans are usable and effectively manage risk.
2:30 p.m. - 4:00 p.m. – Breakout Sessions: Exploring the Divide
JAMES KAPLAN, Partner, McKinsey Cybersecurity Practice
MARC SOREL, Associate Partner, McKinsey & Company
DAVID WARE, Associate Partner, McKinsey Cybersecurity Practice
Breakout groups will lead participants, who will be drawn from different sectors, in a discussion of what they see as the central challenges to overcoming the divide between law, technology, and business on cyber. They will also begin to brainstorm strategies for overcoming the divide.
- How should private sector institutions value cyber risk?
- What should be the regulatory framework for IoT regulation?
- What should be the guiding framework for legal/policy/business practice principles for when government or corporate cyber self-defense is justified?
4:00 p.m. - 4:15 p.m. – Break
4:15 p.m. - 5:15 p.m. – The Challenges Posed by the Divide
TERRY RICE, Vice President, IT Risk Management & Chief Information Security Officer, Merck Pharmaceuticals
Moderated by MARC SOREL
5:15 p.m. - 6:00 p.m. – Cocktails
6:00 p.m. – Dinner Keynote: The Hacked World Order
ADAM SEGAL, Ira A. Lipman Chair in Emerging Technologies and National Security, and Director of the Digital and Cyberspace Policy Program, The Council on Foreign Relations
These require our focused attention: the likelihood that a US-China cyber deal would hold; the depth of the split between Washington DC and Silicon Valley; and the willingness of Russia to use info ops against the US.
Saturday, April 1: Bridging the Divide
9:00 a.m. - 9:45 a.m. – Reducing Uncertainty with Technology
NATHANIEL GLEICHER, Head of Cybersecurity Strategy, Illumio
ALEKSANDR YAMPOLSKIY, Chief Executive Officer and Founder, Security Scorecard, Inc.
Moderated by SCOTT SHAPIRO, Charles F. Southmayd Professor of Law and Professor of Philosophy, Yale Law School
9:45 a.m. - 10:30 a.m. – Making Decisions About Cyber Security in a World of Uncertainty
MATTHEW SPENCE, Partner, Andreessen Horowitz; former Deputy Assistant Secretary of Defense for Middle East Policy
MICHAEL SULMEYER, Director, Cyber Security Project, Belfer Center for Science and International Affairs, Harvard Kennedy School
Moderated by SCOTT SHAPIRO
The world of cyber remains a world of uncertainty. There is uncertainty about the nature of current, much less future, threats. There is uncertainty about the current and future legal landscape. And there is, as a result, deep uncertainty about the roles and responsibilities of businesses. How should businesses respond to these uncertainties? This panel will consider how businesses can manage the threat landscape in a world of uncertainty. The conversation will address (1) long-term risk management through investments; (2) mid-term risk management through programming; and (3) short-term crisis management when an attack is underway—who to call and what steps to take to minimize harm.
10:30 a.m. - 10:45 a.m. – Break
10:45 a.m. - 12:00 p.m. – Mapping the Divide / Restructuring the Landscape
OONA HATHAWAY and MARC SOREL
We will present the results from the first day of discussion, including small group conversations—what challenges have participants faced and what strategies have they used to overcome the challenges? How could the regulatory landscape better bridge the divide? What should the regulatory ecosystem for cyber look like as we move forward? How should responsibility be allocated between private actors and government regulators? Where should government step in and when should it instead step back? Is there a special role, for example, when it comes to critical infrastructure? (And, if so, what, exactly, is critical infrastructure?) This conversation will form the basis for a post-conference report regarding the possible roles and responsibilities of various stakeholders in the cyber-security arena.
12:00 p.m. - 2:00 p.m. – Lunch Keynote: What the Republican Congress Has In Store for Cyber
CHRISTIAN BROSE, Staff Director, Senate Armed Services Committee
Moderated by EDWARD WITTENSTEIN
The U.S. Senate has been actively engaged in ensuring effective oversight of government cyber strategy and policy. The Senate Armed Services Committee in particular has held a number of high-profile open hearings in recent months to consider foreign cyber threats and the challenges associated with crafting effective legislative responses. Looking ahead, this closing conversation will explore the Congress’ upcoming cyber agenda for the next year.
2:00 p.m. – Forum ends