#STMIC Fellow Perspective: Five Key Takeaways from the Cyber Civil Defense Summit

On June 13, the Center for Long-Term Cybersecurity at UC Berkeley hosted their second annual Cyber Civil Defense Summit, where they gathered cyber defenders, academics, and policymakers at the forefront of protecting our most at-risk public infrastructure. One of our #ShareTheMicinCyber Fellows, Michael Razeeq, spoke on a panel focused on the future of volunteer-based cybersecurity, and had the opportunity to connect and hear from other experts and practitioners at the frontline of the nation's cyber defense. He shares his top five reflections from his time at the event:

1. Focus on resilience, not security: Michael observed that a reoccurring theme of the summit was resilience, or the ability for cybersecurity systems to anticipate, withstand, recover from, and adapt to attacks or compromises. He observed that "as organizations' information systems and networks become more complex, distributed, and reliant on third parties, organizations must focus more on cyber resiliency--the ability to continuously deliver an intended outcome despite adverse cyber events--rather than preventing adverse cyber events."  
2. Everyone has a role to play: As outlined in the National Cybersecurity Strategy, securing the nation from digital threats requires a whole-of-society approach. Michael recalls that this was a central theme during the summit. "An emerging trend of individuals, civil society, businesses, and governments all have a role to play in improving cyber resiliency for society as a whole. Collaboration is key to success in a whole-of-society approach to cybersecurity."
3. Data-driven success: As there is increased investment in developing the cybersecurity workforce for the future, there continues to be a lingering data gap. "The cybersecurity field can benefit from more evidence-based research and policy," Michael observed. "Adopting a data-driven approach to decision-making is necessary to more rapidly improve cyber resiliency." Data on cyberattacks, economic costs, workforce numbers and other metrics, can be better collected, shared, analyzed, and made available to the public
4. Universities are leading the way: Higher education and other cybersecurity training institutions are critical to closing the cybersecurity workforce gap in the U.S., and their increased commitments across the public and private sector towards lowering barriers to obtaining cybersecurity jobs. The Cyber Civil Defense Summit is hosted by UC Berkeley, which established the first "cybersecurity clinics to train the next generation of cyber defenders and to provide much needed cybersecurity support services to society now." From the Summit, Michael observed, "The private sector and governments should increase funding for and collaboration with cybersecurity clinics, because the clinics are able to help target-rich, resource-poor organizations while also shrinking the cyber workforce shortage."
5. Challenges ahead: Like many other policy areas, emerging technologies like artificial intelligence challenge the cybersecurity sector to think about how they can evolve to meet the risks and threats of the future. Michael observes that "we've made progress toward cyber resiliency in the U.S. but have more work to do. Rapid changes in technology, like AI/machine learning, mean we must continually upskill our cybersecurity workforce and design products with security in mind."

Michael's fellowship focuses on the legal frameworks governing civilian cybersecurity corps, which have been implemented in a number of U.S. states like Michigan, Wisconsin and Ohio. Volunteer-based cybersecurity corps have also been implemented in other countries, such as Ukraine and Estonia, in response to conflict.