Security

Hewlett Grants $45 Million to Berkeley, MIT, Stanford for Cyber Security Policy Work

• By Dian Schaffhauser
• 11/18/14

A private foundation is getting into the field of cyber security with $45 million in grants for three institutions that will use the funding for new initiatives to spark analysis of cyber security policies. The William and Flora Hewlett Foundation has already issued $20 million in grants through its Cyber Initiative. The latest funding, divided equally among the Massachusetts Institute of Technology (MIT), Stanford University, and the University of California, Berkeley, will be used to create new programs intended to build foundations for developing "smart, sustainable public policy" to help governments, businesses and individuals deal with security threats.

While plenty of cyber security research is going on, the Foundation explained in a statement, these efforts tend to focus on stopping or thwarting the bad guys. Hewlett sees a need to help researchers develop more sustainable solutions, stimulate trust and better communication among participants and bolster the technology and policy expertise among scholars and practitioners. The new programs will bring together experts from across disciplines, including engineering, political science, economics, public policy, business, anthropology and IT, to work together on cyber security problems.

Each school will take a slightly different approach in setting up its new center. Berkeley's Center for Long-Term Cybersecurity will be organized around assessing the possible range of future paths "cybersecurity" might take. MIT's Cybersecurity Policy Initiative will work on establishing metrics and qualitative models to help inform policymakers. Stanford's Cyber Initiative will focus on trustworthiness and governance of networks.

"The goal of Berkeley's new center... is first to map out what the cyber security problem itself will come to mean a few years hence, and then to generate and facilitate the forward looking, interdisciplinary research efforts that will make a difference," said Steven Weber, a professor at the School of Information, which will be home base for the Berkeley program.

At MIT, the new Cybersecurity Policy Initiative will pull together scholars from three areas — engineering (in order to understand the dynamics of the digital systems where risk occurs), social science (to explain institutional behavior and frame policy solutions) and management (to provide practical approaches for institutionalizing best practices in operations).

"We're very good at understanding the system dynamics on the one hand, then translating that understanding into concrete insights and recommendations for policymakers. And we'll bring that expertise to the understanding of connected digital systems and cybersecurity. That's our unique contribution to this challenge," explained Daniel Weitzner, the principal investigator for the new program and a principal researcher in MIT's Computer Science and Artificial Intelligence Laboratory.

Weitzner likened the need for the work to be undertaken to trying to write environmental policy without having any way to measure carbon levels in the atmosphere or science to assess the cost or effectiveness of carbon mitigation tools. "This is the state of cybersecurity policy today: growing urgency, but no metrics and little science," he noted.

Among the research areas he anticipated the MIT program tackling are these:

• How to address security risks to personal health information;
• How financial institutions might reduce risk by sharing threat intelligence;
• What cybersecurity policy frameworks might look like for autonomous vehicles such as drones and self-driving cars; and
• How to achieve agreement regionally and globally on privacy and security norms in online environments.

Stanford's new Cyber Initiative program will launch immediately to develop faculty seminars and conferences, organize working groups of faculty and students to take on policy-relevant problems in information security and offer support for internal research awards, teaching and curriculum development. The institution expects to collaborate with industry and government as part of its efforts.

"Faculty and students will expand existing research efforts and conversations with the goal of building a safer, better world that balances humanity's concerns with the promise of new technologies," noted Mariano-Florentino Cuéllar, the director of Stanford's Freeman Spogli Institute for International Studies and one of the founders of the initiative.

Cuéllar added that areas of focus will include how to resolve trust and security problems that are part and parcel of networks, how to govern the Internet in a world where values differ and how to anticipate disruptive developments in IT that could have an impact on national security, intellectual property, civil liberties and society.

Ann Arvin, Stanford's vice provost and dean of research, said, "Our scholars and students will examine pressing questions about how can we ensure security and protect privacy while continuing to foster an open, innovative and entrepreneurial culture and society. We want to better understand the short- and long-term consequences and implications of the pervasiveness of digital technology in our lives."

"Choices we are making today about Internet governance and security have profound implications for the future. To make those choices well, it is imperative that they be made with some sense of what lies ahead and, still more important, of where we want to go. We view these grants as providing seed capital to begin generating thoughtful options," said Hewlett President Larry Kramer. "Having these three universities on board, with their global reach and world-class faculties, is a huge step in addressing one of the defining challenges of our time."