Hours after North Korean Leader Kim Jong Un fired a long-range missile that splashed into the Sea of Japan, Franklin & Marshall Assistant Professor of Government Nina Kollars delivered a cybersecurity lecture to the White House National Security Adviser and his staff.
“It was a big day for them because North Korea had just launched an ICBM,” Kollars said. She told them, “I fully accept that you guys are thinking about something else right now.”
Kollars’ Nov. 29 lecture to H.R. McMaster and 100 NSC staff, who gathered in a conference room in the Eisenhower Executive Office Building, lasted about an hour and was followed with a private lunch with McMaster and a walk across the way for an Oval Office tour.
“I talked to the National Security Council about emerging trends in what’s called the ‘white-hat’ hacking community,” she said. “I was trying to explain to them that cybersecurity, as they well know, is a national security problem.”
Kollars, whose research includes military organizing and planning innovations, discussed the rising trend of about 100,000 independent cybersecurity researchers willing to work on increasing the defensive posture of the United States.
“I wanted them to see that trend, to see that this workforce is growing, and to understand how this community contributes to better, stronger internet defense,” Kollars said. “China and Russia are already learning to leverage the talents of this community. So, in that sense, we are in competition with those countries to harness that talent.”
About half the community that works on behalf of the U.S. is from such countries as India, Pakistan and Morocco, the implications of which complicates matters, Kollars said.
“We’re rewarding them for that work, but that does not mean we can stop them if they find vulnerabilities that they can sell to Russia or China,” she said. “There’s a potential for a black market here, so the question is ‘How do we incentivize so they sell to us and not to others?’”
While many of these independent cybersecurity researchers are educated at institutions in their own countries, “A good chunk of them are not formally educated,” Kollars said. “They’re self-taught because they’re hackers.” She said those in the more mature “American hacker herd” have day jobs as researchers and spend their spare time on independent cybersecurity.
“The federal government is only now understanding that this is something we can leverage,” she said. “There’s a lot of potential here.”
Kollars delivered her lecture at the invitation of the National Security Adviser. It was the second in a series that McMasters started to challenge his staff “to learn constantly and create new ideas,” Kollars said.
McMaster follows her research, which appears in military journals on strategy and survival. In August 2016, while serving as deputy commanding general of the Army Training and Doctrine Command, McMaster invited Kollars to lecture on weapons and acquisitions processes.
“He and I share thinking on military innovation and military change,” Kollars said. “He brings me not just to talk about the security threat of cybersecurity, but to talk about the solution sets and the ways that new ideas are getting created.”