A favorite national pastime is to complain about Congress. But how many of those complaints — and the rather sparser retorts to them — are informed by first-hand knowledge? An IEEE-USA Congressional Fellowship offers an opportunity not only to watch “how the sausage gets made,” but to participate. More importantly, fellows perform important public service by bringing science and engineering expertise to policymaking at the highest levels.
Every Congressional office has a unique character depending on the member’s personality, interests, district, committee assignments, party, chamber, seniority, and staff. An incoming fellow needs to be prepared to be surprised, and to adapt. In my case, I arrived expecting my background in Artificial Intelligence to possibly inform legislation on AI ethics, economic competitiveness, or the future shape of an automation economy. Instead, I landed in an office that specializes in a topic I initially knew very little about — cybersecurity policy. Little did I anticipate the fascinating stories that would play out.
2020-2021 turned out to be a very exciting year for cybersecurity. My boss, Representative Jim Langevin [D-RI-2] is a foremost Congressional leader on the topic. His rule of thumb says that real progress occurs when three things converge: an underlying problem; a solution ready to go; and a crisis to serve as catalyst.
The underlying problem is clear: in the information age, national and economic security depends on computers and networks working as intended in the face of malicious hackers. The hackers are growing in number and guile.
The solution is a work in progress, but is in large part outlined by a Congressionally sponsored project called the Cyberspace Solarium Commission. On my first day in the office, my supervisor, the Congressman’s Legislative Director, handed me a copy of the commission’s 174-page report and said, our job is to implement the Commission’s legislative strategy, and by the end of your fellowship, you will know these pages intimately. I was again a wide-eyed freshman — and it was exhilarating.
The final ingredient to political progress is a crisis that motivates action. How could cybersecurity take priority while the rest of the world is on fire with the Covid-19 pandemic, climate change, and infrastructure plans? Unfortunately, a wave of cyber incidents made headlines: SolarWinds, Microsoft Exchange, Colonial Pipeline, JBS Meatpacking, Kasaya Managed Services. These were in addition to myriad ransomware attacks and data breaches that have come to plague the internet.
Over the course of the 2020-2021 fellowship year, growing awareness of cybersecurity — or more accurately, cyber insecurity — generated dozens of briefings, webinars, hearings, bills, amendments, press reports, interviews, and meetings among principals. It was my privilege to tag along, listen in, take notes, and from time to time, substantively contribute talking points, bill language, and briefings. Actual legislation signed into law is important, but a lot of progress happens as well through thought leadership and consensus building that leads up to those points.
Along the way, I learned about complexities of policymaking and governance that few citizens take the chance to appreciate. Responsibility for security in cyberspace falls in many directions, and a complex multi-way dance takes place between major categories of actors:
- Congress in its capacity for legislation and oversight
- the civilian Executive Branch that implements policy and spans not just CISA (the Cybersecurity and Infrastructure Security Agency), which resides in the Department of Homeland Security, but also Energy, Health and Human Services, State, and other departments
- cyber defense and intelligence operations
- the vast array of industries, institutions, and interest groups that comprise the private sector
Melding cooperation among these parties is an intellectual skill and a diplomatic art.
The security challenge is even more daunting when we view cybersecurity in the larger context of information security. Not only are our computers and networks at risk, but our news and information sphere has proven susceptible to disinformation, influence operations, and malign agitators. To foreign adversaries, technical cyber and political influence operations are two sides of the same coin. Our confusion and societal distrust are their strategic objectives.
My fellowship afforded the opportunity to explore this emerging arena as well, which sometimes goes by the name, Cognitive Security. A nascent ecosystem of academic, think tank, and commercial interests is emerging with the aims of tracking online troll farms, deconstructing social media influence campaigns, and studying policy options to improve civil discourse.
Working from home in the time of Covid, I attended over 75 webinars, read dozens of whitepapers, and wrote some of my own. Whereas technical cybersecurity policy brings bipartisan collaboration, Cognitive Security touches hot-button issues of free speech and political ideology. Congress is very much a democratic institution, and if the citizenry is polarized, so will be our representatives.
One surprise to me was how strongly the workings of Congress depend on the fourth estate. In addition to high-profile television and print outlets, a host of trade journals, bloggers, and think tanks are constantly rooting out information on specialized topics, then summarizing, analyzing, quoting, and cross-linking. Cybersecurity is a both a problem space and an industry unto itself, and without the coverage of niche journalists, those working in government would be much less aware of the landscape.
A favorite national pastime is to complain about Congress. After my year as a Congressional Fellow, I am better equipped to explain that most caricatures overlook the tremendous amount of good and important work that gets done. If a job doesn’t present frustrations, it wasn’t all that hard to begin with. And the work of democracy is hard. I am grateful to IEEE-USA for creating the opportunity to pitch in.
Dr. Eric Saund’s Fellowship was supported through member donations to the IEEE-USA Fund, which is administered by the IEEE Foundation. Donations to support IEEE-USA programs are welcome and can be made at: https://ieeeusa.org/about/giving-opportunities/ |
Eric Saund, Ph.D., is a research scientist and developer with a broad background spanning Cognitive Science, AI, Conversational Agents, Computer Vision, Robotics, Machine Learning, User Interface Design. As a 2020-2021 IEEE-USA Congressional Fellow, Dr. Saund worked in the office of Representative James Langevin [D-RI-2], where he worked on cybersecurity policy and cognitive security.