Cyber Security Webinar
May 24, 2024
A Conversation on Critical Cyber Security Challenges with Chris Inglis
On Friday, May 10, 2024, the French-American Foundation—United States held a Cyber Security Webinar on critical cyber security challenges. The Foundation was honored to welcome distinguished speaker Chris Inglis, Former United States National Cyber Director and moderator Cara LaPointe, PhD, Young Leader ‘16 and Adjunct Professor at Georgetown University.
Cara LaPointe, PhD opened the conversation with a question on the opportunities and challenges of today’s dependence on digital technology. Chris Inglis explained that with increased dependence and syndication among cyber threat actors, it is important for the stool of digital infrastructure to sit sturdily on three legs: innovation, market efficiency, and security. Unfortunately, he explained, the first two have been the focus for most companies, while security has not been a priority until relatively recently. According to Inglis, for cyber security to be most efficient, it is important to not only get the technology right – the doctrine governing it must be sound as well.
Next, the conversation turned to cyber security regulations. Inglis compared cyber regulations to those of the automobile industry. Vehicular safety involves several sectors working together in harmony – manufacturers need to build safety features into their vehicles, the rules of the road need to be effectively governed, and drivers need to make safe driving a priority. Inglis stated that the same could be said for cyber security regulations, which should be applied “only when necessary, with the lightest possible touch” in order for them to be efficient. Inglis also emphasized the importance of equal regulation of both the operating and back ends of systems, saying that an unfair burden has been placed on the operators for keeping these systems safe. “Every party needs to contribute to the defense of all of us,” asserted Inglis.
Shifting to the role of policy in cyber security, Inglis expressed his view that many nations still haven’t fully grasped their dependence on digital infrastructures; however, he explained that he believes countries like the United States and France are on the right track. He shared that both countries are investing in resilience by design rather than reactive approaches to cyber threats. Both the United States and the European Union, including France, must work across various government constructs to align innovation, market efficiency, and safety. He stressed the importance of the human component in cyber security, emphasizing that people need to be educated to do their part to keep the digital space secure.
LaPointe raised a question on the intersection of cyber security and AI, particularly focusing on generative AI. Inglis said that the speed at which generative AI arrived, and the speed at which it is changing, makes it challenging to work with. Inglis stated that if we make use of AI technology, which we should, its purposes need to be clearly defined, and the technology should be instrumented and controlled so that an intricate understanding of its inner workings isn’t necessary to use it safely and responsibly. At the end of the day, he explained, “the human remains the accountable party,” and it is up to manufacturers, governors, and operators to work together to ensure that “[we are] flying the airplane, [rather than] the airplane flying [us].” AI should, in a sense, be parented like a child – machines should be trained with a human in the loop in both its execution and its formative moments, providing continuous feedback and defined sidewalls.
When asked about the cyber resilience of certain sectors over others, Inglis praised the financial industry for its ability to measure its cyber dependency and risks, saying that a sector’s history will influence the way they approach cyber security. Citing the 2021 attack on Colonial Pipeline, Inglis underlined how important it is for companies to make cyber security a priority. LaPointe added that cyber security is a struggle even for companies that are digital by design, such as Uber and SolarWinds. On the subject of the latter company’s 2020 cyber-attack, Inglis highlighted the doctrinal component of the security breach. Many customers believed that SolarWinds was, first and foremost, a security company, and that safety was getting taken care of on the manufacturing level when it wasn’t. This misalignment of expectations contributed to SolarWinds’s cyber security breach. Inglis pointed out that it is important for expectations to be allocated so that everyone can do their part.
Attendees were able to ask their own questions during a Q&A session at the end of the webinar. Topics touched on the younger generations’ understanding of cyber security and AI, the protection of the upcoming French Olympics, and the importance of international collaboration in cyber security and sharing confidential information.
The FAF extends its sincere thanks to speaker Chris Inglis and moderator Cara LaPointe, PhD for taking the time to dive into such an interesting discussion.
About the French-American Foundation’s Cyber Security Webinars:
Building on the French-American Foundation’s longstanding commitment to advancing transatlantic dialogue on cyber security-related issues, our webinar series complements the Foundation’s annual two-day Cyber Security Conference in December. These webinars are open to the public and engage high-level American and French experts in conversations on today’s most pressing cyber security challenges in a transatlantic context.