White House cyber czar: To stay secure, kill the password – but keep data within reach of police
Cybersecurity Coordinator Michael Daniel spoke with The Christian Science Monitor's Passcode.
White House Cybersecurity Coordinator Michael Daniel spoke with The Christian Science Monitor's Passcode about training the next generation of cybersecurity workers, new ways to protect your personal devices, and how his job coordinating government and industry can be like herding cats.
The event, hosted by the Monitor and The Center for National Policy, also featured: Jeff Moss, founder of the Black Hat and DEF CON tech conferences; Peter Singer, a cybersecurity expert at the New America Foundation; Frank Cilluffo, co-director of George Washington University’s Cyber Center for National and Economic Security; and Vern Boyle, technical director for Northrop Grumman, which sponsored the event.
You can watch the full event online here, but here are some video highlights:
Daniel: Passwords are terrible (video)
‘Frankly, I would really love to kill the password dead as a primary security method-- because it’s terrible,” Daniel said. “But when we think about replacing it, it has to be replaced with something that’s actually easy for people to use.”
What will replace the password? Biometric technology, such as fingerprint scanners, could play a role -- and even cameras on cell phones could be used to take an identify-verifying selfie, Daniel said.
Daniel: Data should not be completely inaccessible to police (video)
Apple and Google’s steps to strengthen privacy protections on mobile devices -- so that even law enforcement would not be able to access personal data-- have drawn objections from the Federal Bureau of Investigation and Attorney General Eric Holder.
Encryption itself is a best practice, Daniel said, but the issue for the government is: “We don’t want to have something that puts it utterly beyond the reach of law enforcement in the appropriate circumstances.”
Daniel: Not easy to unplug critical infrastructure from the Internet (video)
What’s the best way to protect chemical plants or nuclear facilities? Is detaching some critical infrastructure the best way to protect them? “As tempting as that might be to do as a solution, I also don’t think it’s possible to wind the clock back and not have some of these systems enabled for access,” Daniel said.
“There have been over 31,000 magazine newspaper and academic journal articles on the phenomena of cyber terrorism,” Singer said. “There have been zero actual incidents of cyber terrorism according to the FBI definition of it…. Something that is definitely real and arguably bigger [is] the massive campaign of intellectual property theft.”