Quick Links
- Directors' Letter
- A Focus on the Future: Cybersecurity Futures 2030; Alternative Digital Futures; Developing Tomorrow's Security Leaders; CLTC 2022 Research Grantees
- Helping Leaders Act on Foresight: AI Security Initiative; Corporate Governance and Digital Security; CLTC White Papers; Promoting Dialogue
- Expanding who Participates in Cybersecurity: Cyversity Partnership; Public-Interest Cybersecurity; AI Policy Hub
- Looking Ahead
Directors' Letter
From ChatGPT and autonomous vehicles to virtual reality and deepfakes, the past year has brought plenty of reminders that the landscape of digital security is evolving rapidly, often with unexpected or unintended consequences.
At the UC Berkeley Center for Long-Term Cybersecurity (CLTC), we look over the horizon of the digital frontier to identify challenges likely to emerge in the coming years. By thinking broadly about how tomorrow could unfold, we’re helping leaders in government, industry, and civil society make more informed strategic decisions today.
2022 was an exciting year for CLTC. We were honored with the UC Berkeley Chancellor’s Award for Research in the Public Interest, we redesigned our website, we welcomed the School of Information's Andrew Reddie as our new Faculty Co-Director, and we moved into a new collaborative office space in Sutardja Dai Hall. We also launched several new initiatives focused on shaping a better digital future:
- We kicked off Cybersecurity Futures 2030, a multi-phase scenario project aimed at exploring how digital technologies and society could evolve between today and 2030 — posing new risks and opportunities for private citizens, industry, and governments. This initiative extends our flagship futures series, which previously explored scenarios for 2020 and 2025.
- We’ve continued to expand the model of our trailblazing Citizen Clinic through our leadership in the Consortium of Cybersecurity Clinics, which is helping establish university-based cybersecurity clinics across the US and beyond.
- We welcomed our first cohort of fellows to the AI Policy Hub, a program developed in partnership with the CITRIS Policy Lab to support groundbreaking, policy-relevant research on diverse issues related to artificial intelligence.
This report provides an overview of some of the highlights from CLTC’s work in 2022. We hope you will join in and support us as we continue to advance our mission to amplify the upside of the digital revolution, help today’s decision-makers act with foresight, and expand who has access to and participates in cybersecurity. We are grateful for all of our supporters, including the CLTC External Advisory Committee (EAC), who support CLTC through fundraising and advocacy, helping to expand CLTC’s visibility, network, and impact.
Scroll down to read about select highlights from CLTC’s activities in 2022.
A Focus on the Future
How might digital technology — and society broadly — evolve between today and the year 2030? And how can today’s decision-makers begin to prepare for these possible futures?
These questions are at the heart of Cybersecurity Futures 2030, launched in 2022 in partnership with the World Economic Forum’s Centre for Cybersecurity to examine how digital security could transform over the next five to seven years. The resulting scenarios, reports, and convenings will help decision-makers in government, industry, academia, and civil society anticipate and address the cybersecurity challenges of the future.
RIght: We kicked off the Cybersecurity Futures 2030 project in September at an event at Swissnex, in San Francisco, featuring a panel discussion led by Dr. Andrew Reddie on technologies, trends, risks, and opportunities that will shape the future of cybersecurity.
Learn more about Cybersecurity Futures 2030 — including how your organization can get involved.
Alternative Digital Futures
In early 2022, CLTC issued a call for researchers from UC Berkeley to pursue projects exploring “alternative digital futures,” focused on how the future of digital security could or should be reimagined to be more inclusive of diverse perspectives. We invited graduate students from fields not usually associated with cybersecurity, including Indigenous Studies, African American Studies, Anthropology, STS, Gender and Women’s Studies.
Among the scholars who participated was Juliana Friend, an anthropologist working at the intersection of health equity and tech policy, who conducted research focused on understanding how sex workers in Senegal experience online privacy and security. Read a conversation between Friend and a pair of Senegalese activists.
Left: “Cybersexurity (pt.1)” by Conor Caplice was created as part of The Cybersecurity Visuals Challenge, an initiative focused on finding new ways to communicate about cybersecurity.
Developing Tomorrow's Cybersecurity Leaders
The need for cybersecurity professionals has never been greater. Through our partnership with the UC Berkeley School of Information’s Master of Information and Cybersecurity (MICS) degree program, and innovative programs like Citizen Clinic, UC Berkeley’s trailblazing cybersecurity clinic, CLTC is helping to develop a pipeline of well-rounded professionals with the skills necessary to tackle a diverse range of digital security challenges.
The Future of Cybersecurity Working Group has been fully enrolled in all nine semesters that it has been offered. Led by Professors Andrew Reddie and Chris Hoofnagle, the group engages students with multidisciplinary scholarship in cybersecurity, and requires them to lead group discussions about exciting ideas in cybersecurity.
The CyberMētis: The Practice of Cybersecurity speaker series gives Berkeley students the opportunity to engage with practitioners in the field, and encourages creativity and thinking outside the box. The speaker series shows students that the cybersecurity field is diverse, with careers that benefit from developing both soft and hard skills. Past speakers have included Jessica Peck, a computer crime and intellectual attorney with the U.S. Department of Justice; Clifford Stoll, astronomer and author of The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage; and Sean Zadig, Chief Information Security Officer for Yahoo.
CLTC 2022 Grantees: Supporting Original Student Research
The 2022 Cal Cybersecurity Research Fellowship, an award made possible by a generous gift from an anonymous donor, was awarded to graduate students Emma Lurie, who studies how policy choices shape the online election information infrastructure; Conor Gilsenan, who studies how to make multi-factor authentication (MFA) more usable; and Team Kohana, a group of students from the School of Information who developed a method of rapidly detecting adversaries on cloud infrastructure.
CLTC also awarded 2022 Research Grants to 11 different student-led groups working on important digital security issues at the intersection of technology and society — topics like gender-specific online abuse, privacy regulation and compliance, and the implications of targeted advertising on individuals with stigmatized health identities, among others.
Left: CLTC grantee Dagin Faulkner, a PhD Candidate in the UC Berkeley Department of City & Regional Planning, studies the transaction costs that city governments incur when complying with cybersecurity standards and responding to cyber threats. "I received generous support from CLTC that allowed me to attend conferences and access scholarly and trade publications that have enriched my knowledge of the dynamic and critical field of cybersecurity," Faulkner said.
Helping Leaders Act on Foresight
CLTC's Artificial Intelligence Security Initiative (AISI) works to ensure that AI-based technologies are guided by strong standards for safety, fairness, and ethics. In 2022, CLTC researchers Jessica Newman, Tony Barrett, and other UC Berkeley colleagues provided input that strengthened NIST’s AI Risk Management Framework (RMF) to support human rights, eliminate bias, and reduce inequality. They also developed a novel taxonomy to help organizations develop and deploy more trustworthy AI technologies, and they are leading an effort to create an AI risk management-standards profile for increasingly multi-purpose or general-purpose AI, such as cutting-edge large language models. (Read Jessica Newman's article in Tech Policy Press on key takeaways from the NIST AI Framework.)
Through our Internet Atlas project, CLTC researchers are seeking fine-grained answers to questions related to governance of the internet, and we are helping educate students and policymakers through MLFailures, the world's premiere teaching materials for gaining hands-on experience with machine learning fairness.
Corporate Governance and Digital Security
How could digital security sit beside climate and workplace safety as mainstay elements of corporate responsibility? CLTC has been exploring this question with a focus on ESG reporting among companies, investors, and NGOs. Led by Postdoctoral Scholar Jordan Famularo, we convened a series of working groups to drive a forward-looking research agenda on this topic. (Read about findings of this research on our blog, the CLTC Bulletin.)
Meanwhile, CLTC researchers are advancing important research on the impacts of privacy laws like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This research will help inform policymakers and organizations as new privacy laws continue to emerge and evolve in the years ahead. (Read about key findings from this research here.)
CLTC White Papers: Translating Research Into Action
Choices, Risks, and Reward Reports: Charting Public Policy for Reinforcement Learning Systems, by Thomas Gilbert and other researchers affiliated with the Artificial Intelligence Security Initiative (AISI), examines potential benefits and challenges related to reinforcement learning, and provides recommendations to help policymakers ensure that RL-based systems are deployed safely and responsibly.
Moving Left and Right: Cybersecurity Processes and Outcomes in M&A Due Diligence, by CLTC Faculty Co-Director Andrew Reddie and School of Information student Prakash Krishnan, a graduate student in the UC Berkeley School of Information’s Master of Information and Data Science (MIDS) program, presents a model framework to help organizations improve their consideration of cybersecurity risk as part of a merger or acquisition (M&A).
AI’s Redress Problem: Recommendations to Improve Consumer Protection from Artificial Intelligence, by Ifejesu Ogunleye, a graduate of the Master of Development Practice program at UC Berkeley who conducted the research as a graduate researcher at the AISI, provides recommendations for policymakers, corporations, and civil society organizations to create pathways for affected individuals or groups to seek redress when they are adversely affected by AI-baed technologies.
A Secure and Equitable Metaverse: Designing Effective Community Guidelines for Social VR, by Rafi Lazerson, an Alternative Digital Futures Researcher and Masters of Public Affairs (MPA) graduate of the UC Berkeley Goldman School of Public Policy, calls upon Meta and other technology-makers to establish stronger, clearer guidelines to reduce the potential harms of “social virtual reality,” or social VR.
Promoting Dialogue
Expanding who Participates in Cybersecurity
CLTC is committed to expanding who participates in cybersecurity and other technology-related fields. In 2022, we continued our partnership with Cyversity, a national organization that seeks to improve the representation of women and underrepresented minorities in the cybersecurity industry. In June, we co-presented a panel on “Creating A More Diverse Cybersecurity Workforce,” held at Google’s headquarters, concurrent with RSA Conference. We supported a group of MICS students to attend Cyversity's national conference and present their research. And in December, the two organizations convened a special end-of-year event at Berkeley’s David Brower Center to celebrate our partnership.
Shown here (from left to right): M.K. Palmore, Director of the Office of the CISO at Google Cloud and Cyversity Bay Area Lead for Cyversity; Ann Cleaveland, Executive Director of CLTC; Rob Duhart, Vice President and Deputy Chief Information Security Officer (CISO) at Walmart; and Larry Whiteside Jr., Chief Security Officer for Women’s Care Enterprises and Co-Founder and President of Cyversity.
Doubling Down on Public Interest Cybersecurity
“Public interest cybersecurity” describes the broad effort to provide digital security assistance to organizations below the so-called “cyber poverty line,” such as small hospitals, community non-profits, and local governments (among others), and to empower them to use technology to fulfill their missions, defend against digital threats, and build digital resilience.
In 2022, Sarah Powazek (shown here) joined CLTC as our first-ever Program Director of Public Interest Cybersecurity. Powazek is working with partners across the nation to expand the public interest cybersecurity field. "I am most excited to continue strengthening partnerships between technical practitioners and those who need their help most," Powazek said in an interview.
Read an interview from Government Technology featuring CLTC’s Ann Cleaveland discussing the importance of expanding new cybersecurity clinics at colleges and universities around the country to provide pro bono assistance to their communities.
Read an article in The Thread, a blog from New America, about the importance of cybersecurity in public interest technology, and the role of cyber civil defense — including cybersecurity clinics like the UC Berkeley Citizen Clinic — in tackling growing cyber threats.
Read an op-ed in Brookings TechStream by CLTC postdoctoral researcher Jordan Famularo and former postdoctoral researcher Richmond Wong explaining how the technology industry can help protect the privacy and security of users’ reproductive rights in the post-Roe v. Wade era.
AI Policy Hub Welcomes Inaugural Cohort
Artificial intelligence is rapidly transforming domains ranging from criminal justice and healthcare to traffic control and journalism. Together with our partner, the CITRIS Policy Lab, we welcomed the first cohort of graduate student researchers to the AI Policy Hub, an interdisciplinary initiative that trains researchers to develop effective governance and frameworks to help policymakers and other AI decision-makers act with foresight in rapidly changing social and technological environments. Shown here (from left to right):
- Alexander Asemota, a third-year PhD student in the statistics department, studies the development of realistic metrics for counterfactual explanations in AI.
- Micah Carroll, a PhD Student in the Department of Electrical Engineering and Computer Sciences, researches manipulation incentives in recommender systems that maximize long-term engagement.
- Angela Jin, a PhD Student in the Department of Electrical Engineering and Computer Sciences, studies the design of sociotechnical systems to help defense attorneys adversarially test the reliability of evidentiary statistical software in the U.S. criminal legal system.
- Zoe Kahn, a PhD Student in the School of Information, explores how AI/ML systems may result in unanticipated dynamics, including harms to people and society.
- Zhouyan Liu, an MPP Student in the Goldman School of Public Policy, conducts empirical studies on China’s technology policy, digital surveillance and privacy. (Read an interview with Zhouyan Liu in ExecutiveBiz.)
- Cedric Whitney, a PhD student at Berkeley’s School of Information, explores how algorithmic disgorgement (machine unlearning) can be effectively wielded in both compliance efforts and prospective legislation.
Looking Ahead to 2023
We're excited to build on our momentum throughout 2023 and beyond. In June, we will be hosting the Cyber Civil Defense Summit, a one-of-a-kind gathering of cyber defenders, academics, and policymakers with the mission of protecting our most vulnerable public infrastructure. This year's theme is Innovation, and we will be showcasing creative programs across the country, including university-based cybersecurity clinics, state cyber corps, regional cyber mutual aid, private sector volunteerism, operational collaboration, and more.
Our Cybersecurity Futures 2030 project will continue this summer with a series of global workshops hosted in partnership with the World Economic Forum’s Centre for Cybersecurity. This fall, we will publish the scenarios and findings from the workshops in a report that will help decision-makers in government, industry, and civil society anticipate cybersecurity challenges and seize opportunities that lie over the horizon.
Led by CLTC post-doctoral scholar Hanlin Li, we will be continuing our groundbreaking research on content scraping and privacy at scale, exploring questions at the intersection of technology, policy and ethics — questions that are more urgent than ever as advances in generative AI dominate headlines.
Our CyberMētis speaker series will focus on promoting interaction between students and practitioners, and we will be expanding the Future of Cybersecurity working group, including by developing new collaborations that will enable students to explore new fields, such as app forensics.
Left: A rendering of The Gateway, a new hub for cross-disciplinary research set to open in 2025 that will house CLTC, as well as UC Berkeley’s Division of Computing, Data Science, and Society (CDSS) and other centers.
Help us amplify the upside of the digital revolution! We invite your engagement and support.
Visit our website, sign up for our newsletter, or contribute to our cause!
Last but not least, we offer heartfelt thanks to our valued philanthropic partners and contributors, who propel CLTC’s future. Special thanks to Fidelity Charitable Trustees' Initiative, Okta for Good, the Omidyar Network, the Future of Life Institute, and Repsol for joining CLTC’s community of supporters in 2022; to Craig Newmark Philanthropies, for its generous investment in #cybercivildefense, including cybersecurity clinics at Berkeley and our growing Consortium; and to many individual alumni and friends of UC Berkeley, our valued External Advisory Committee, and the William and Flora Hewlett Foundation, whose visionary support helped establish CLTC in 2015.