November 22, 2013
Colloquium Speaker: Paul Rosenzweig
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company, and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Distinguished Visiting Fellow at the Homeland Security Studies and Analysis Institute. He also serves as a Professorial Lecturer in Law at George Washington University, an Adjunct Professor at the Near East South Asia Center for Strategic Studies at the National Defense University, a Senior Editor of the Journal of National Security Law & Policy, and as a Visiting Fellow at The Heritage Foundation. In 2011 he was a Carnegie Fellow in National Security Journalism at the Medill School of Journalism, Northwestern University, where he now serves as an Adjunct Lecturer.
Mr. Rosenzweig is a cum laude graduate of the University of Chicago Law School. He has an M.S. in Chemical Oceanography from the Scripps Institution of Oceanography, University of California at San Diego and a B.A from Haverford College. Following graduation from law school he served as a law clerk to the Honorable R. Lanier Anderson, III of the United States Court of Appeals for the Eleventh Circuit.
He is the author of Cyber Warfare: How Conflicts in Cyberspace are Challenging America and Changing the World and of the video lecture series, Thinking About Cybersecurity: From Cyber Crime to Cyber Warfare from The Great Courses. He is the coauthor (with James Jay Carafano) of Winning the Long War: Lessons from the Cold War for Defeating Terrorism and Preserving Freedom and co-editor (with Timothy McNulty and Ellen Shearer) of National Security Law in the News: A Guide for Journalists, Scholars, and Policymakers.
Some speak of a “cyber Pearl Harbor.” Others, even more apocalyptic, speak of a “cyber Armageddon.” The more measured talk of cyber “insurgency” or simply Chinese espionage. However we characterize the threat, two questions bedevil any effective response: How? and Who? This lecture will focus on the latter question – who is responsible and how is the overall responsibility to be divided? In Washington today, debates rage over the role of government in setting cybersecurity standards for critical infrastructure and whether the Department of Homeland Security (or the National Security Agency) should be responsible for collecting and sharing threat and vulnerability information with private sector actors in the cyber domain. In short, what do law, economics and policy tell us about the nature of public/private cooperation in cyberspace? Why does it work the way it does?
To understand the nature of public sector/private sector cooperation, we must understand the fundamental economics that drive cybersecurity. That leads to the conclusion that in this distributed and dynamic domain (unlike, say, in the kinetic world) the government ought to have a very limited role in providing for a “common defense” of cyberspace. Given its structural limitations the government has only a modest ability to regulate the cyber domain to control for externalities.