Think Tank’s Congressional Cybersecurity Lab Would Educate Politicians


The Woodrow Wilson International Center for Scholars is developing a Congressional Cybersecurity Lab (CCL) intended to help teach technically unsavvy politicians the wily ways of cybersecurity. As noted by (@), the William and Flora Hewlett Foundation issued a grant in November of 2015 to the tune of US$400,000 to the Center to fund development of the CCL.

The grant description:

A grant to the Woodrow Wilson International Center for Scholars will support the creation of a new Congressional Cybersecurity Lab that builds congressional capacity on cybersecurity in a nonpartisan manner. The lab aims to close the knowledge gap with a dedicated educational program for Capitol Hill, introducing cyber fundamentals to a nonexpert policymaking audience. It will give a boost to tomorrow’s cybersecurity leaders in the legislative branch and connect them in a lasting network, thereby contributing to more informed cyber policymaking.

Put another way, the CCL hopes to teach the folks crafting laws affecting cybersecurity what that actually means. To extrapolate greatly, the CCL might well teach the folks in Congress why a back door open to anyone is really open to everyone.

From the CCL's website:

The core of the Lab is a six-week seminar series that introduces participants to foundational topics in cybersecurity: how networks work and what defends them, key bad actors and their tools, the roles of different sectors in preventing or responding to threats. Each seminar will be led by top technologists and scholars drawn from the private, public, and non-profit sectors. Each week's seminar also includes a tabletop exercise--in which participants are divided into groups and given scenarios to roleplay that emphasize the role of the legislative branch--as well as a social component. Unless otherwise noted, sessions are held at the Wilson Center.

The Woodrow Wilson Center for Scholars is a non-partisan think tank that is technically attached to the Smithsonian Institute. The Center's raison d'être is to provide information to and increase understanding by policy makers in the U.S. government.

Cybersecurity is seemingly a wild, untamed world to most politicians, and many seem to rely on truthiness rather than facts. This is particularly pertinent to companies like Apple, Google, Facebook, Twitter, Microsoft, and other tech giants as law enforcement and U.S. intelligence services run up against encryption. The CCL could help close the gap in political understanding of why encryption is important for everyone.

Or so one might hope. So far we have a think tank with an idea being funded by a single, though significant, grant.



Scott B in DC

And for 6 weeks they will learn all the wrong things. They will learn how to fix the problem and not diagnose the symptom. Like a poor doctor who will stuff you with antibiotics for a viral problem, they are going to teach the cybersecurity version of antibiotics rather than changing the way to think about the process of cybersecurity.

Yes, cybersecurity is a process. It’s not a firewall, appliance, anti-virus, or any single product. It is a way of thinking, designing and architecting systems with resiliency in mind. It’s more than just adding 5 MPH bumpers. It’s adding crumple zones, knowing that an accident will do the most damage and not put any critical systems or information there (see Ford’s exploding gas tanks on the Pinto). It’s not scrambling the network like an egg to where you change the profile of the risk (see Chevy’s side-saddle gas tank). It is not even trying to shortcut the issues and change the profile of your systems (see Honda’s rollover SUV). It’s about putting it together in a way to take it all in consideration.

If they do not ask why does a building maintenance system have access to the cash registers (Target) or the credit card processing system to the inventory control system (Hannaford) or that every cash register can communicate to every other cash register (Target, TJX, etc.), then the wrong information is being taught. If they do not ask if they save their company information in the lobby of their buildings and when they say they do not then ask why are they saving their company’s information in the Internet’s equivalent of the lobby (the DMZ), then they are inviting people to come in (Anthem).

If they do not teach that the cybersecurity, computer networking, and this entire stupid industry is so wrapped up in itself that it is in similar safety shape as the automobile industry is when Ralph Nader wrote “Unsafe at Any Speed,” then no amount of funding and instruction is going to save us from the BRAVO SIERRA.

So hunker down, buttercup, the industry has sold you a bill of goods and you are buying it to the tune of billions of dollars of fraud and waste being plucked from your pockets waiting to become the next victim of cybercrime. I guess you’ll learn when the heart monitor or other medical equipment gets hacked while you are attached to it, because that’s next!

—Signed, seen it, been there, knows how to fix it but nobody gives a damned!
