the Chertoff Group: Security in the Boardroom
The Chertoff Group held a session in its Security Series yesterday: Security in the Boardroom. We'll have full accounts of the panels and presentations beginning tomorrow, but in the meantime, here are some of the highlights.
While the focus of the conference was on how boards of directors could understand and approach their responsibilities for cybersecurity, the presentations and discussions were more far-ranging than the topic might suggest. Typically such conferences enjoin CISOs to approach the board with a business case for security, couched in language accessible to board members with a business background, and they urge board members to understand cybersecurity as an exercise in risk management, with due attention paid to the familiar range of threat actors and their tactics. This sort of advice is certainly valuable (and such valuable advice was exchanged during the Security Series) but yesterday's sessions covered some ground less often traversed.
Many of the panels were devoted to exploring the effects that emerging technologies were likely to have on organizations. The families of technologies most discussed were autonomous systems, artificial intelligence and machine learning, and blockchain and distributed ledger applications. These will inevitably become matters of immediate concern in organizational risk management, and they remain imperfectly understood. The first two are still pictured in highly anthropomorphized science fiction terms (Skynet, the Terminator, etc.). The third is generally not understood at all (as much as it is mentioned in the media). Thus CISOs were advised to think not just about getting a seat at the board's councils, but to think through the implications of technologies that are already beginning to make themselves felt, and are entering corporate operations in ways that aren't generally well-understood.
Other interesting points were made about the psychology and neuroscience of training, with implications for resilience and incident response under pressure. There were discussions of public policy and its implications for boards of directors, and there was some pointed cultural advice for Silicon Valley.
We'll have accounts of these and more beginning tomorrow. In the meantime we'll just thank Dr. Reggie Brothers, Chertoff Group Principal and former senior science and technology executive at both the US Departments of Defense and Homeland Security, for his discussion of Ramon Llull (1232-1316) as the first thinker known to have devoted serious attention to theory and speculation about artificial intelligence. (Anyone speaking at a cyber conference who calls out a high medieval scholastic and great Catalan poet for his ars combinatoria is o.k. in our book.)