Introduction
A survey conducted during the most recent iteration of the Yale School of Management CEO Summit found only 28% of CEOs believe it is a corporate responsibility to strengthen U.S. cybersecurity. That is a surprising statistic given that up to 80% of the nation’s critical infrastructure rests within the control of private sector companies. This also is a surprise given the recent trend of corporate leaders taking public positions on matters previously considered the domain of politicians and activists. Now more than ever, it is the responsibility of corporate technology leaders to focus the C-suite and boards to invest in the security controls and processes needed to avoid becoming the next headline.
Now more than ever, it is the responsibility of corporate technology leaders to focus the C-suite and boards to invest in the security controls and processes needed to avoid becoming the next headline.
Technology leaders need to also understand they have a growing influence to help promote and define: 1) appropriate behavior in cyberspace and 2) the proper use of emerging technologies. These standards and norms should be in alignment with values that have undergirded democracies for hundreds of years. Of course, these norms encompass such values as individual privacy, justice, and equality – all of which intersect with technology issues today. This growing influence can be considered a “digital” soft power and will determine how technologies such as 5G, Artificial Intelligence (AI), facial recognition, and quantum computing will be inculcated into our lives.
Applying a New Soft Power
When American political scientist Joseph Nye first coined the term soft power, he stated it was a noncoercive power that was distributed through “cultural, ideological, and institutional mechanisms”. For much of the 20th century, American soft power was delivered through Hollywood movies and by strong American brands like McDonald’s and Levi’s jeans. Today, America’s ability to project soft power remains, but the central cast has changed. America’s most valued technology companies and its leaders are treated like rock stars when overseas; however, lesser-known companies and leaders can influence foreign economies. For example, Fintech in Africa is being enabled by the advent of smartphones and influenced by the innovation of western startup culture — which in turn has financially empowered Africans. A recent opinion piece in Forbes titled “Who will Capture the Merchant Payment Opportunity in Africa?” discusses the enormous opportunity to transform the African financial landscape. While implementing this change will be challenging, the transformation is being led by young African entrepreneurs whose startup environments are reminiscent of any in Silicon Valley. This is the desired outcome of applying digital soft power and America’s greatest evangelists are its technology leaders.
The American Edge Project, a non-partisan consortium that advocates for American digital leadership, states:
“By virtue of leading in technology services, the U.S. can shape the guidelines for how technologies are used abroad. Losing the innovation edge to techno-autocracies, however, would mean losing the ability to set international standards on new and emerging technology.”
The American Edge Project
The Edge Project makes it clear that technology leaders are on the frontlines of a new ideological battle. This battle between what it calls techno-democracies and techno-autocracies will decide the future rules for the global digital landscape. The current state of the global internet is that it remains a non-proprietary and (mostly) open architecture but with increasing vulnerabilities. Despite its security shortcomings, the global internet has made the world smaller leading to the empowerment of the global citizenry. However, there are authoritarian nations that seek to limit the open internet by censorship and exerting access controls.
For example, laws crafted in Russia and China require companies incorporated in those nations to share source code data with the government, as well as “catch-all” security laws that allow government intrusion for national security reasons. This is being played out today with China interfering in Chinese firm Didi’s IPO on an American stock exchange. Additionally, data localization laws implemented by Russia and China are beginning to influence nations in emerging markets, such as India and Vietnam. Data localization laws increase data storage costs to companies doing business in markets embracing this restrictive policy. Even more concerning is the abuse of emerging technologies like facial recognition which is being used by some authoritarian nations to suppress political dissent. Even in the west, facial recognition technology use is being questioned. Amazon suspended the use of its Rekognition software by law enforcement in the aftermath of the George Floyd murder. This was done to allow US lawmakers the opportunity to enact legislation to regulate how the technology is employed.
The Fight Starts on the Homefront
Promoting technology norms starts at home. Western corporations need to lead from the front and promote standards impacting technology use in their home countries. If technology companies and leaders fail to lead in this manner, then governments will dictate these standards to them. The US government is flexing its regulatory muscles with the energy industry in the wake of the Colonial Pipeline incident. The U.S. Transportation Security Administration (TSA) has used its oversight authority to mandate pipeline owners to alert the TSA when a cybersecurity breach occurs. President Biden’s Executive Order on “Improving the Nation’s Cybersecurity” also mandated actions companies must take to secure software if they intend to do business with the federal government. Many experts believe a more comprehensive set of executive actions and possibly laws are forthcoming regarding cybersecurity.
At the international level, a lack of binding norms and standards surrounding technology allows for its misuse. Without a Paris Accord-like agreement outlining acceptable behavior and consequences in cyberspace, we will continue to be in a state of ambiguity in which authoritarian governments can skirt informal agreements. Binding norms and standards-setting for emerging technologies, namely 5G and AI, are needed now to ensure these technologies have intrinsic value for use in western democracies. Opportunities abound for information technology leaders to participate in international standards-setting bodies.
Third Generation Partnership Project (3GPP) is the standard-setting body for 5G. Working groups are composed of company representatives who meet regularly to discuss current concerns as well as long-term implications for global telecommunications. Decisions in 3GPP are technology-driven and result from a consensus-based process open to all members.
The Alliance for Telecommunications Industry Solutions (ATIS) is the North American Organizational Partner for 3GPP. According to the ATIS 2021 Overview whitepaper, their Innovation Agenda has focused on “emerging technologies, including 5G, artificial intelligence, context-aware identity management, cybersecurity, smart cities, distributed ledger technology, unmanned aerial vehicles, among others”. There are dozens of Information, Communications, and Technology (ICT) companies already aligned with ATIS, thereby providing a mechanism for technology leaders to participate.
The Institute for Electrical & Electronics Engineers (IEEE) is the world’s largest technical professional organization dedicated to advancing technology for humanity. According to the IEEE website, “its members inspire a global community to innovate for a better tomorrow through highly cited publications, conferences, technology standards, and professional and educational activities. IEEE is the trusted ‘voice’ for engineering, computing, and technology information around the globe.”
Technology Startups Leading the Way
Lastly, I also want to discuss the emerging opportunity for small technology startups to lead technological innovation within the federal government space. The federal government (in particular the military) is more open than ever before in allowing the private sector to lead in technology innovation. This is a massive departure from the previous paradigm which after World War II and during the Cold War saw military requirements drive innovation. The military, having learned painful lessons from acquisition fiascos like the F-35 fighter program has started to look at smaller and more nimble companies to supply its technology needs. As such, we have seen the services start incubator-like technology hubs to facilitate interaction with startup companies. As an example, the Air Force created an entity called AFWERX which has awarded over $550 million in contracts to startups and is carefully moving forward with implementing this new process. The Pentagon recently opened up an office in the Bay Area called the Defense Innovation Unit (DIU). According to the DIU mission statement, their objective is to “strengthen national security by accelerating the adoption of commercial technology throughout the military and growing the national security innovation base. These developments provide another potential market and revenue stream for startups that frankly was not feasible five or ten years ago.
Conclusion
The verdict is in concerning technology’s role in shaping our way of life. Technology leaders have the influence to change corporate cultures, shape developing economies, and globally impact technology norms and standards. Looking back at the Yale CEO Summit, that same survey also indicated 15% of CEOs believed it was the responsibility of technology companies to strengthen U.S. cybersecurity. This tells me corporate America expects greater leadership from technology companies. Technology leaders need to understand their outsized influence and ensure their products are developed with security as a priority and a clear message about its benefits to society. Failure to do these things will leave corporations and their consumers at risk.
