
Discussing online security and risk

We live so much of our lives online. Building a healthier internet is part of protecting our way of life, and is central to Mozilla’s mission. But we can’t protect the internet alone – it’s a shared responsibility. Participating in conversations with all the stakeholders allows us to learn from others in the field and to share the Mozilla perspective.

In our ongoing efforts to make the internet safer, Firefox Security Lead Richard Barnes will be speaking on a panel at Stanford Law School’s February 2 event “Government Hacking: Assessing and Mitigating the Security Risk.” To attend in person, RSVP here. We’ll also recap it here on the blog.

This continues the theme of several of the panels I participated in late last year. I discussed the future of cybersecurity and internet privacy with industry leaders – see below to read excerpts and watch the videos, and let us know what you think!

As part of the Coalition for Cybersecurity Policy & Law, I went to a day-long symposium, “Cybersecurity Under the Next President.” I discussed the process by which the government decides if and when to disclose security vulnerabilities. This is known as the vulnerabilities equities process, or VEP, and it is an important part of Mozilla’s work toward a secure internet due to the lack of government transparency about its use.

On this panel, I spoke about reforms the government could take to improve the current vulnerabilities equities process. “In a perfect world I would like this process to be robust – and that may mean a legislative solution such that they have to undertake this process and they have to have certain interests at the table when they consider a given vulnerability. I want them to have a timeline and a process set out that helps us understand how long it takes to get from discovery or acquisition, to consideration to disclosure or nondisclosure. We want independent oversight and transparency to the process… into how it works and how the disclosure is handled. We want to make sure that civilian agencies whose mission is to create trust, secure the internet and secure the American people are involved and engaged in this process. Those steps would significantly increase trust. Making sure that everything goes through the Vulnerabilities Equities Process would be very helpful.”

Video from this panel can be found here.

The next day, I joined a panel of academics and policy experts at the Center for Internet and Society at Stanford Law to address how government and industry can work together to strengthen the process and discuss varied perspectives.

At this event, part of the series co-hosted by Mozilla, I joined experts to explain the biggest problems with the current vulnerabilities equities process. “It only sees a small fraction or some fraction of the vulnerabilities held by the government. Specifically as we move into a connected world – the internet of things – more agencies are going to come into contact with more exploits.”

That’s why Mozilla believes it’s essential for the government to codify the use of the vulnerabilities equities process. “If we can make this go across the government — make it broadly used, that would be a significant step forward. Of course we would have to adequately resource that.”

To watch the video of the panel, visit https://www.youtube.com/watch?v=lTwct5qMKC8.