Niloofar Razi Howe's oral testimony:
Chairman Richmond, Ranking Member Katko, distinguished committee members, thank you for inviting me to speak today on the important topic of emerging cyber threats. My name is Niloo Razi Howe and for over two decades I have worked in the technology sector, including cybersecurity, as an investor, entrepreneur and executive.
When I first started working in technology, we had a utopian vision for the Internet and cybersecurity was a dark art that lived in its own silo. But as the Internet has matured and every aspect of our lives has become operationalized in this domain, the threat it represents has grown in kind and in effect, from IP theft, to cybercrime, espionage, hostile social manipulation, radicalization, and cyber war, the activity and malfeasance taking place affects all of society—it affects all of our businesses, not just critical infrastructure, it affects our government’s ability to provide services, and most importantly, it affects all of us, the people.
The same adversary that is infiltrating our defense industrial base is stealing IP from our companies, probing our infrastructure, and manipulating individuals. As Dan Geer famously said, “every sociopath is now your next door neighbor.”
There are no more silos.
And the problem is only getting bigger as we embrace new waves of technology innovation such as cloud computing, autonomous vehicles, small low orbit satellites with advanced sensor platforms, the Internet of Things (IoT), drones, distributed ledger technology, augmented and virtual reality. On the horizon we see the emergence of 5G and microsensor proliferation, autonomous weapons (for both military and private use), quantum computing, artificial intelligence and synthetic biology, to name a few.
People and businesses will not wait for security, laws and regulation to catch up before they embrace these technologies. They don’t have a choice. The Internet of Things, which has the potential to change industries at their core and create over $11T of economic gain, has well understood security issues. But these issues will not slow adoption down. Oddly, there is too much at stake to wait for security.
For the first time in human history the accelerating pace of technology innovation is outstripping our ability as humans to adapt and adjust our policies on a timeline that is relevant. Our adversaries have repeatedly shown that they can move faster than we do. They adapt and exploit technology while we grapple with its implications, emerging social norms, the uneven distribution of authorities and capabilities, and a political process that does not function at the speed of innovation.
While we study the problem, our adversaries have infiltrated our systems, exploited an already polarized society, and undermined the very foundation of our democracy: the belief that there is such a thing as objective truth because when there is no objective truth, the biggest liar wins.
We need a coordinated and collaborative whole of society approach to rise to the challenge of these emboldened adversaries that we are out of position to deal with. It is time for the United States to set a bold cyber agenda capable of restoring trust globally- trust in our technology, trust in our systems, trust in our infrastructure, and through that trust in our political system, our political process, and our leaders.
To be effective, our government will have to do this in partnership across the government and with the private sector and remove any barriers that prevent government agencies that have relevant information from sharing that information in real-time and with context with the entities that are most affected.
This collaboration must extend to our cities, which are overwhelmed and under-resourced. Their vulnerabilities are a homeland security issue, especially as we look at our election infrastructure and the threat of ransomware.
To have trust in our systems and infrastructure, we must commit to regaining our innovation edge and never again lose our seat at the standards setting table. As we look to the next waves of technology, especially AI and Quantum, falling behind is not about national pride, it is about national security.
We must have a strong and consistent cyber deterrence policy- something only the government can deliver on. Even the strongest walls will eventually succumb to a capable determined adversary if there is no deterrence.
Technology companies that are co-conspirators with our adversaries, that facilitate communications and propaganda networks, enabling destructive and chaotic social manipulation, need to be regulated.
To build resilience in society to social manipulation efforts, funding and incentivizing media literacy programs that teach the difference between fact, opinion, misdirection and lies, as well as research into deep fakes, must become a homeland security priority.
Finally, our cybersecurity workforce lacks diversity, lagging the technology sector by a significant margin. As we build programs to skill and reskill individuals to address the massive skills shortage, we must put in place the right incentives and mandate for diversity.
We need new perspectives and a new mental model for how we approach this threat. Our adversaries are agile, creative and persistent. Our technology landscape is ever shifting and the attack surface ever expanding. Preparing for the future requires a new organizational and operating model focused on persistent cooperation and collaboration at cyber speed.
I thank the Committee and look forward to your questions.