Skip to content
Who's in the Video
Michael Schrage examines the various roles of models, prototypes, and simulations as collaborative media for innovation risk management. He has served as an advisor on innovation issues and investments to[…]

Part of the reason you pay taxes is because the government needs to fund programs necessary for accomplishing its most fundamental goal: to protect its citizens’ rights and freedoms. Innovation expert Michael Schrage asks how far that responsibility extends into cyberspace. Just as the U.S. government will go after someone who crosses a border to commit heinous crimes, shouldn’t it also be obligated to defend its citizens who find themselves the victims of cyberattacks?


“To what extent is protecting American data assets in the U.S. and abroad the obligation and the duty of the government? How well-protected are we in that regard? I believe this is a policy and a question of great, not just national import, but global import because America is a leading nation both in terms of technology and in terms of vulnerability and it raises important questions about what constitutes self-defense in this regard.”

Michael Schrage: The Sony hack is a very interesting phenomenon. I think it sort of brings home some of the issues that people in other countries face. The way, for example, North Koreans have hacked South Korea and South Korean financial institutions. And Russians have hacked Ukrainian and Estonian institutions. The whole notion of cyberconflict either as a low-level or high-level conflict has become more and more important and more and more top of mind. And I think the most important takeaway is twofold. One is that "ordinary citizens" should be concerned about whether their data assets — and that includes everything from their social security numbers to their bank accounts to the way their mortgage is held. They should be concerned about how adequately protected that is. But not just — and this is important — not just by the financial institution or the retail institution, but by government. To what extent is protecting American data assets in the U.S. and abroad the obligation and the duty of the government? How well-protected are we in that regard? I believe this is a policy and a question of great, not just national import, but global import because America is a leading nation both in terms of technology and in terms of vulnerability and it raises important questions about what constitutes self-defense in this regard.

Do we run into the situation that we just say, "Well this is a crime so we’ll just have the FBI and law enforcement handle it."? Or is it something else? And, you know, I’m not a lawyer nor do I care to be one, but I think we want to be really, really, really, really, really careful about saying something like, "Oh, it’s just an act of vandalism," or, "Oh, it’s just a misdemeanor." When, in fact, it’s more threatening than that and we may be hurting the safety and security of our citizens by minimizing the kind of threats that are involved here. One last thing I’m going to say here is there is an analogy here, for those people familiar with policing, of a famous broken windows arguments, which is, you know, it’s a low-level crime, ignore it. And crime rates began to drop when we stopped ignoring seemingly minor infractions of the law. When we invested as a society in norms that demanded something other than the absence of, you know, just ignoring things at the margin, but demanding respect for the law. And this, in my view, this is as true outside of the borders of the United States as it is inside the border of the United States. And it’s particularly true when people come across the border of the United States to destroy, to destroy. "Vandalization" is a cute word — to destroy the assets of Americans in the United States. Not cool.

Directed / Produced by Jonathan Fowler and Elizabeth Rodd


Related