New Flight Plans: Expert talks politics in relation to security and why he hates Cybersecurity Awareness Month
Why would a political scientist be the go-to guy for cybersecurity? Well, it turns out there’s a lot of crossover. That’s what Fast Future’s founder Tom Cottingham found out when he interviewed Dr. Richard Harknett, professor and director of the School of Public and International Affairs at the University of Cincinnati.
The two chatted about cybersecurity, physical security, integrated circuits, the Ohio Cyber Range Institute and more. Here’s a brief summary of their conversation.
How did you go from political science to cybersecurity?
Harknett was interested in the end of the Cold War and how it relates to national security, he said. “[I was] looking at the emergence of precision weaponry, actually. And there were some discussions among people that said, ‘Well, maybe, you know, our reliance on nuclear deterrence, maybe we could rely on precision conventional weapons and get the same kind of deterrent effect.’ And the work that I was doing, as I was finishing up my degree at Johns Hopkins, I said, ‘No, that doesn’t hold, that you get a fundamentally different dynamic with regard to deterrence when you deal with contestable costs.’”
He added, “The connection between cyber and nukes is that the ARPANET was essentially a Defense Department attempt to figure out how you sustain a communication system. … But I came along and did some analysis and said, ‘This just does not map up, that the structural environment of this thing called’ – that was not called cyberspace at the time, ‘this idea of ubiquitous network computing, a network of networks emerging through the internet, that it had its own distinct dynamics and logic.’”
Tell us about your book?
Harknett’s book, “Cyber Persistence Theory: Redefining National Security in Cyberspace,” with Michael Fischerkeller and Emily Goldman, was released on May 20. “This is the theory behind the doctrinal changes that the U.S. Cyber Command and the U.S. government overall, had been making over the last few years. And I served as a scholar in residence at cyber command and National Security Agency and had the opportunity to help assist with those real-world policy changes, and strategy changes. And this is the book that explains why we actually have to make those changes,” he said.
What should cybersecurity leaders worry about most?
Harknett suggested prioritizing your most important asset: “I think down at the unit level, it starts with what’s your crown jewels? If you’re a state, those are particular national-level economic assets, political and national security. If you’re a business, this may be your core intellectual property. And so the starting point, Tom, is, efficiency and access are great. And we have to leverage the technology for those things, but we have to recognize, right, the potential for exploitation of vulnerability. And so I need to make assessments as a business owner of a trade off. If I lost those crown jewels tomorrow, if I lost that intellectual property, or if I lost that process, if I lost that data set, is that the end of my business? Is that setting me back six months in the competitive marketplace? How much can I absorb disruption or loss to those core things?”
What is the relationship between cyberspace and physical security?
Basically, regulation, he said. “In the terrestrial space, we came up with protocols on law enforcement, where the state and the private sector separate. And we’re still trying to feel our way through time, even though we’re 30 some odd years into this space, what those core relationships are. There’s a general allergy to anything that smacks of regulatory constraints. We need some better rules of the road in terms of roles and responsibilities. So, how does, for example, government get better at helping the private sector on cybercrime? If we don’t actually know, we don’t know the data on the crime itself. If we don’t have the reporting, that we do in all other areas of crime, how do we actually create good strategies and policies, if we don’t actually know the expanse of the problem?”
Tell us more about the work being done at the University of Cincinnati.
Harknett said he’s pleased with the university’s Center for Cyber Strategy and Policy. “It sits in our new School of Public and International Affairs. We’ve just this spring, transformed our Department of Political Science that’s been around for 104 years into this new school. And the School of Public and International Affairs has basically a mission, a much more intentional mission, to align the research that we’re doing, Tom, to public impact, and the government angle to a lot of our work, the policy impact.”
The organization doesn’t want to just “talk to itself,” he said. “We need to be speaking, our research speaks to the institutions and the people that we are researching. … It’s anchored on understanding the concept of cyber persistence and the strategy of the DoD approach of persistent engagement, and defend forward.”
How do you feel about Cybersecurity Awareness Month (October)?
Harknett has strong feelings about the month: “If I’m successful, there will not be a month because it needs to be a year, it needs to be a decade, it needs to be a millennia of this; this is what we’ve created. The 21st century is global and interconnected through this just remarkable space.”
Harknett offers plenty more skills and advice in the full interview: