Richard Danzig of the Rand Corp. Delivers the Fifth Sloan Foundation Lecture

Attendees at the Fifth Sloan Foundation Cyber Security Lecture at the NYU Polytechnic School of Engineering on December 10 were greeted by an eerie but compelling image: Projected on the screen was a robotic arm, vaguely reminiscent of the killer cyborg in the Terminator movies. Clutched in its skeletal metallic fingers was a tempting apple. That image was from the cover of the report “Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s Cyber Dependencies” by Richard Danzig, vice chair of the Rand Corporation.

That publication was the basis for Danzig’s lecture, which proposed strategies for coping with the security paradox presented by cyber systems: that is, as digital systems grant us unprecedented powers, they also make us less secure as a nation.

Danzig, who served as Secretary of the Navy in the Clinton Administration, was introduced by NYU Senior Presidential Fellow Jerry Hultin. The two men were well-acquainted: Hultin had been Danzig’s Under Secretary. Describing his former colleague as “the sharpest knife in the drawer,” Hultin related the tale of how in the 1990s Danzig had arranged to open a vial of peppermint oil near an air vent in the Pentagon. Minty air wafted throughout the entire building, and the stunt proved unequivocally to policy makers our vulnerability to attack with biological weapons.

We are just as vulnerable, Danzig asserted during his lecture, to cyber attack, and although the whiff of those attacks is virtual, we must be just as prepared.

The communicative capabilities of our cyber systems enable collaboration and networking, Danig explained, but collaboration and networking open the doors to intruders. Additionally, our systems have enormous efficiency and scale of operations, but that exponentially increases the amount that can be stolen or subverted—think of Edward Snowden, who had access to 1.7 million documents, he said, illustrating his point. “Cyber systems nourish us, but at the same time they weaken and poison us,” he warned. “Risk is inherent in the benefits of technology.”

Danzig is no mere voice of doom, however. He outlined a series of practical recommendations for policy makers. Make a baseline presumption that our critical defense systems are vulnerable, Danzig advised, and sacrifice some cyber benefits in order to increase security. He believes we should be aiming for leaner, stripped-down systems. Why should printers have memory, he asked, non-rhetorically, when most personnel use them only to print. Touching on a much more frightening topic than office printers, Danzig asserted that we must convince China and Russia that we are all becoming less secure and pursue agreements that all parties refrain from cyber intrusions into nuclear command, control and warning systems.

Danzig’s edge-of-your-seat talk was followed by a lively panel discussion whose participants included Ralph Langner, the founder of an eponymous, independent German cyber defense consultancy; Andy Ozment, the Assistant Secretary of the Department of Homeland Security’s Office of Cybersecurity and Communications; and Stefan Savage, the director of the Center for Network Systems at the University of California, San Diego.

All agreed that the event had provided much food for thought. “The amount of information I got today was dizzying,” Peizen Chen, a student from China who is now earning a master’s degree in cybersecurity at the School of Engineering, said afterwards. “I feel even more confident now that I’m pursuing a vital field and that I can contribute to Dr. Danzig’s goal of a safer, more secure cyberspace.”