On October 13th 2015, numerous experts in the field of global affairs visited the Jackson School of International Studies as part of the “New Frontiers in International Affairs: A Conversation on the Arctic, Space and Cybersecurity,” the inaugural conference of the Jackson School’s International Policy Institute. This conference involved panels discussing some of the most pressing issues facing the United States today, and the Jackson School Journal was fortunate enough to sit down with several of the conference’s distinguished delegates. This is the first of three interviews conducted with visiting experts for the Jackson School’s conference.
Paul Nicholas of Microsoft’s Global Security Strategy and Diplomacy Team describes how his experience as Director of Cybersecurity at the White House prepared him to meet the security challenges facing the private sector. This interview originally appeared in the Autumn 2015 Issue.
Jackson School Journal: You’ve had a very extensive career in both the public and private sectors. You were the Director for Cybersecurity at the White House and before that, you worked in several government agencies before moving to Microsoft in your role in Global Security and Diplomacy. Could you talk a little about what prompted the switch from government work to the private sector?
Nicholas: Something that I learned working in government and the White House was that we face a very real and present security threat – but it’s hard to address it or solve it directly with the government resources we currently have. The private sector appealed to me because I felt like the resources and possibility of actually coming up with solutions to these threats were available there. Another thing that drew me to the private sector was that, when working in the government, you get a very high level overview of how it works, but it’s very focused on just one system. At Microsoft, instead of working with one government, I can work with many governments and different actors globally.
Jackson School Journal: What are your thoughts on the OPM attacks? [Reader’s Note: This refers to the major cyber-attacks against the Office of Personnel Management that occurred in the summer of 2015.]
Nicholas: It’s a great example of the big challenges that many governments are facing today. What is the proportional and appropriate response? It goes back to the idea of cybersecurity norms. There isn’t a framework within the international community to respond to this, so we have to start creating one. It’s also an example of how there are lots of things that happen that are short of warfare, but just as threatening to national security. You have to figure out a way to protect Internet users globally, not just domestically. I think the bottom line is that we need a normative framework in order to be able to address attacks like this appropriately.
Jackson School Journal: Building off of that question, what do you see as some of the biggest issues in cybersecurity today?
Nicholas: I see three fundamental issues as being key to the field of cyber-security right now. The first is, of course, security. Governments worry about security at the international level, and one of the ways governments try to deal with security is to implement compliance frameworks across the board. These make you feel secure, but don’t actually work that well in practice because if these frameworks are similar, hackers can find the seams easily. The second is about controllability. If a country realizes that a foreign technology product can actually threaten their national security, how do they go about regulating this type of technology? What is the appropriate response? Finally, there’s the issue of transparency. We want to understand where things come from and how to deal with this. This isn’t just related to governments, but citizens and the community (global and national) all want this. At a high level, these issues are really about trust.
Jackson School Journal: Finally, for our readers who are interested in going into the fields of cybersecurity and national security policy, what type of background and preparation would you recommend to them for working in this type of area?
Nicholas: I think a background in economics is extremely useful. Understanding economics is key to understanding actors and issues on the global stage today. Soft power matters and you have to understand how that works. I would also recommend a strong liberal arts background. Such a background can really help challenge you to be a critical thinker, evaluate issues, and be able to assimilate different perspectives. Always question your own assumptions – it’s very easy to fall into “mirror imaging,” which is assuming that countries think a certain way, when this may not be the case. Often, this is how strategic surprises happen – from assumptions that turned out to be false.
Interview Edited By Irena Chen