Yale University and global consulting firm McKinsey & Co. aim to facilitate a conversation on how legal, business and policy leaders can work together on cybersecurity issues at the “Bridging the Divide” conference March 30-April 1 in New Haven, Conn.
This first-ever Yale Cyber Leadership Forum aims to offer attendees an environment to exchange ideas and learn what cyber challenges each field faces in handling a threat landscape and how to create a structure across different sectors for partnerships and sharing.
This conversation below offers a preview of the event as ExecutiveBiz recently spoke to Oona Hathaway, founder and director of Yale Law School’s Center for Global Legal Challenges.
A former special counsel to the Defense Department General Counsel, Hathaway offered her perspective on how she sees leaders from the business and policy world collaborating to address cyber challenges and levels of investment and participation both sides have to offer.
ExecutiveBiz: What was the catalyst to organize the conference?
I have been working for several years on the legal issues raised by cyber. When I worked at the Department of Defense, I saw first hand the challenges the U.S. faces in addressing cybersecurity threats. I also repeatedly saw that the lawyers (including myself) didn’t really understand the technology and that made it very difficult to address the legal issues. Last year, my colleague at the Law School, Scott Shapiro, and I collaborated with the chair of the Computer Science Department at Yale, Joan Feignbaum, to design a course meant to begin to bridge this divide. The Hewlett Foundation generously supported our time to design a course that would create common ground among computer science students and law students so that both could bring a more sophisticated understanding of the legal and technical issues to bear on addressing the threat posed by cyber. As the course proceeded, I realized that we could bring a similar approach to a different audience: executives and other professionals in the law, business, and tech arenas. This group is essential to identifying the challenges the private and public sectors face in cyber—and together they have the expertise to help us begin to identify solutions to those challenges.
ExecutiveBiz: How do you envision the legal and technical aspects of cyber converging at the event?
We are bringing together experts in their fields—including those breaking new ground in addressing legal, technical, and policy challenges posed by cyber. One of our speakers, Richard Domingues Boscovich, is the Assistant General Counsel at Microsoft and is engaged on a daily basis in active defense against cyber threats—working with criminal law authorities around the world to identify and prosecute cyber criminals. Another of our speakers, Nathaniel Gleicher is head of cybersecurity strategy at Illumio, a new firm that aims to stop cyber threats by controlling the lateral movement of unauthorized communications across application environments. And Megan Stifel is the founder of Silicon Harbor Consultants, which provides strategic cybersecurity operations and policy counsel. Before that, she was an attorney in the National Security Division at the US Department of Justice, working on the most challenging cybersecurity issues facing the U.S. government. And these are just three of more than a dozen equally amazing speakers. Our attendees at the Forum are themselves leaders in the field—including high-level executives from Experian, Raytheon, Zentific, CyCurity, General Electric, and lawyers from leading law firms with cutting-edge cybersecurity practices, as well as the U.S. Senate. We have designed the Forum as a small gathering, so that we can take advantage of all the expertise in the room.
ExecutiveBiz: Who do you see as the main beneficiaries from attending the event?
We’re aiming the Forum at business leaders who have faced cybersecurity issues as they have worked to lead their organizations and who want to better understand the array of tools they have at their disposal to responsibly manage the risk posed by cybersecurity. We are also aiming to bring in lawyers who have experience advising businesses on legal risk, but who also would benefit from better understanding the array of challenges and tradeoffs that business leaders face. We are hoping to attract tech leaders, who have the technical skills to help address cybersecurity threats, but who want to better understand the legal and business environment—so they can better identify the problems that businesses need technical help to address. And we are hoping to bring in policy leaders who are seeking to define the role that government can and should play in identifying and addressing risk—and who want to better understand how the public and private sectors can best support one another. Traditionally these groups interact only with others in their own silos, and our goal is to bring them out of those silos and get them interacting in large and small groups so that we can “bridge the divide” that has slowed progress in addressing the cybersecurity threat.
ExecutiveBiz: What can business executives get out of the conference?
We have partnered with McKinsey precisely to ensure that we could design a program that business executives will find valuable. McKinsey has worked for years with businesses that have tried to figure out how best to address the cybersecurity threat. In early discussions with McKinsey, we learned that business leaders were facing the same challenges that we see elsewhere in cyber—the technological experts had a hard time communicating clearly with the business executives about the real threats the face. This is a fast-moving field in which proper business practices can be difficult to identify. And business leaders sometimes struggle to determine how to address short term, medium term, and long term risks. How should they invest to address this threat—while understanding that money that is spent on cybersecurity isn’t invested elsewhere. The goal of the conference is to offer insights into these challenges, offer clear outlines of the threat landscape and legal and regulatory framework, and then engage leaders together in a conversation about how to move forward. Participants in the Forum will also have an opportunity to shape a white paper that will summarize the conclusions of the conference, which we will distribute to policy leaders so that they can better appreciate the complex challenges that business leaders face in this arena.