HELPING LAW KEEP PACE WITH TECHNOLOGY
David Hickton
Technology moves fast, David Hickton says—but the law moves slowly.
Hickton describes this as the driving principle behind his work. As a United States attorney in 2014, he led a first-of-its-kind cybercrime prosecution for theft of U.S. intellectual property against a unit of the People’s Liberation Army of the People’s Republic of China. In 2017, he became the founder of the Pitt Cyber Institute for Cyber Law, Policy, and Security.
“Applying law to digital space is what I’ve been a missionary about for many years,” explains Hickton. “We’re trying to make sure that law and policy catch up to technology in the digital world by being a trusted, informed, nonpartisan source of data to drive policy.”
One focus of Pitt Cyber is election security. In 2018, Hickton led a commission to review Pennsylvania’s outdated election infrastructure, in part given its status as a battleground state in national elections. Hickton describes this as a bipartisan effort with members reflecting the state’s political, geographic and demographic diversity.
“Every incident I have investigated had two components: the present crime and the probing component. The probing is designed to measure our response.”
“We looked at antiquated and exposed election machinery that would allow any malign actor to subvert our democracy,” Hickton says. “We are proud of the report, and our recommendations were taken up. It’s a feather in Pitt’s cap.”
In the 2020 presidential and subsequent elections, Pennsylvania’s updated voting systems functioned without any significant hitches.
Although language like “election security” has since become politicized, Hickton says the motivation in 2018 was driven by clear evidence that Russia was interfering in elections as a matter of strategy, not only in the United States but throughout Eastern and Western Europe.
Pitt Cyber is also concerned with protecting against attacks on infrastructure. Last November, the water authority in the small Pennsylvania city of Aliquippa outside of Pittsburgh was the target of a malware attack.
Why attack such a small population center? Hickton believes the attack was a dry run.
“Every incident I have investigated had two components: the present crime and the probing component. The probing is designed to measure our response.”
Hackers, Hickton says, go to vulnerability. A system is in danger if it does not have robust security, like a smaller utility or hospital. These vulnerabilities can also create a larger danger because of the many digital linkages within and between U.S. industry, government and research institutions. He describes the tension as one between security and interoperability. Modern efficiency and communication call for systems to be able to communicate and for users to have wide access to information. Cybersecurity requires that systems be as separate as possible.
Fully digital systems, Hickton says, require full digital protection.
“We only have two choices for security in a digital world. We can neglect security and suffer the pain. Or we can prepare and prevent attacks.”