NOTE: This page is part notes, part draft. Please do not treat it as a final version.


Internet Security

What is Dropbox's security and are they looking to academics to help them with that? Oftentimes companies are not internalizing the cost of their decisions, because there isn't an upfront liability to it.

It's not "if", it's "when".

They're often thinking about a product launch.

The impact on the company is shorter and less than the impact on the consumer.

Digital viruses. A digital immunology model.

Remember this quote from sociologist Emile Durkheim: "as society progresses, we go from mechanical to organic". And we need to deal with threats the way a body would deal with a virus. You don't just die from the cold - you have antibodies. Some cells are sacrificed, but on the whole none of your functions are permanently compromised. In the case of the cold, it can spread from person to person, but each person is a pretty well self-contained system.

Underwriter's Laboratory is part of the consumer protection model. For a long time, when electricity was new, UL was a symbol that you could plug this into the wall and it wouldn't burn down your house. Increasing consumer education and awareness have privacy certified or cybersecurity certified. We're in an era of new electricity.

Urs Gasser

"Why are these analogies so important? It immediately suggests an ecosystem perspective. It also turns the question to what is the role of law and regulation into a new perspective as well. Governance implies that we need to consider: in these systems a particular issue part of this system has a manifestation at a local level but has global consequences. How do we deal with these things at different layers? For any problem, be it prevention or management of problems and solutions - you have to deal with multiple stakeholders. You can't just deal with one single actor to deal with. You need many actions to work together. What are the models, what do they look like, how do they relate to traditional, industrial, mechanical institutions that we have evolved over time, and what do we need to form or change in order to deal with these threats? Third, cyber hygiene, awareness, a form of UL for products. Who is coordinating the use of these tools? How do we introduce some sort of strategic planning, benchmarks and . How do we incorporate feedback loops of learning for what works and what does not? This ecosystem problem is of a global magnitude at all places."

Evaluating harm. HIPAA. How does HIPAA calculate these fines? You have to do a calculation of what harm comes to people when their data is stolen. You need to make it a large enough harm that companies never want to hit it: a harm "landmine" that properly disincentivizes data breaches, so that there is an incentive not to do it. The potential harm has to be "up front" so that the resources get invested to protect people up front.

Maybe a government provision that requires all companies to go through a security regulation process to protect human data.

Erosion of Trust

Erosion of trust at many levels.

Commercial providers don't want to share information about the level of breaches, because they are afraid of consumer trust issues. Failing to do that potentially erodes trust in the entire sector.

Michael Sulmeyer


Director, Cyber Security Project Telephone: 617-495-1343 Email:

Biography

Dr. Michael Sulmeyer is the Belfer Center's Cyber Security Project director at the Harvard Kennedy School. He recently concluded several years in the Office of the Secretary of Defense, serving most recently as the Director for Plans and Operations for Cyber Policy. He was also Senior Policy Advisor to the Deputy Assistant Secretary of Defense for Cyber Policy. In these jobs, he worked closely with the Joint Staff and Cyber Command on a variety of efforts to counter malicious cyber activity against U.S. and DoD interests. Previously, he worked on arms control and the maintenance of strategic stability between the United States, Russia, and China. As a Marshall Scholar, Sulmeyer received his doctorate in Politics from Oxford University, and his dissertation, "Money for Nothing: Understanding the Termination of U.S. Major Defense Acquisition Programs," won the Sir Walter Bagehot Prize for best dissertation in government and public administration. He received his B.A. and J.D. from Stanford University and his M.A. in War Studies from King's College London. He is a Term Member at the Council on Foreign Relations.
