Former Homeland Security secretary addresses cybersecurity concerns

PHOENIX – Michael Chertoff, who served as U.S. Secretary of Homeland Security from 2005 to 2009, said there’s a new story about hacking that “catches your attention” every day.

“There (are) a lot of discussions these days about what goes on with hacking and what goes on with our data,” said Chertoff, who spoke Monday at a panel discussion about terrorism and cybersecurity hosted by Arizona State University.

Recent headlines bolster Chertoff’s statements.

This week, Saks Fifth Avenue reported that it inadvertently exposed customers’ personal information online, according to BuzzFeed. It joins a long list of retailers that have admitted to a breach.

The issue of foreign hacking and government surveillance also came up during Monday’s congressional hearings with FBI Director James Comey. The U.S. House Intelligence Committee is investigating potential Russian meddling during November’s election.

And in January, hackers toyed with Arizona lawmakers when they were asked to change their password in the state’s payroll system.

It’s not just government and big business. Authorities reported an average of 4,000 ransomware attacks daily since January 2016. That’s a 300-percent increase since 2015, according to federal security officials.

On a global level, cyber and terrorist attacks are becoming more common and more sophisticated, according to North Atlantic Treaty Organization.


(Video by Joe Constantin/Cronkite News)

“Cybersecurity is about protecting the software and the hardware that actually provides the mechanisms for communication,” said Chertoff, who co-authored the Patriot Act, which expanded federal authority to gather surveillance in response to the Sept. 11 attacks.

Monday’s discussion focused on terrorism and cybersecurity as two important national security threats. But the panel also addressed the balance between fighting cyber threats with concerns about the invasion of privacy and potential loss of freedom.

“Security and privacy are not only better together, but they have to be together. They are two sides of the same coin,” Chertoff said.

Audience member Joseph Simitian, a Santa Clara County supervisor, shared a different opinion.

“I’m a little less optimistic with some of the speakers and panelists about the readiness of public institutions and decision makers to embrace the notion that privacy and security are not mutually exclusive,” Simitian said. “I think it will take time and effort to move people towards solutions that are truly effective in respecting both privacy and public safety interests.”

Chertoff said people might be surprised by the amount of personal information collected, not just through the government, but in the private sector. He referenced insurance companies that track driving habits and personal fitness trackers that can provide information to employers.

The public seems to lack confidence that government and private institutions can keep their information safe. A Pew Research Center survey released in January indicated more than a quarter of the respondents weren’t confident the federal government could protect their personal information.

About half of those surveyed said they felt their personal information was less secure than it was five years ago. The center conducted the national survey of 1,040 adults in the spring of 2016.

Ann Cavoukian, executive director of the Privacy and Big Data Institute, and Michelle Dennedy, vice president and chief privacy officer at Cisco, also joined Chertoff at Monday’s event.