On September 13, CLTC launched our Fall 2016 Lunch Seminar Series with a presentation by Tom Andriola, Vice President and Chief Information Officer (CIO) for the University of California System, who is responsible for overseeing technology across the UC’s 10 campuses, five health systems, and three national laboratories.
In his presentation, “Cybersecurity: The Master Problem for Tomorrow’s Internet World,” Andriola provided an overview of the diverse challenges that the UC System faces in tackling cybersecurity and other technology issues. He noted that, at the UC and other large organizations, the role of CIO role has evolved from that of “someone who makes sure the basics of technology work” to that of a strategic partner advising senior leaders. His mission, Andriola explained, lies in “building a program that balances the need for protection with the need for openness and academic freedom.”
Through his slide presentation, Andriola explained that there are five pillars in the university’s approach to mitigating “cyberrisk”: updated governance, enhanced risk management, adoption of modern technology, hardening the security environment, and systemwide cultural exchange. Because the UC System is so decentralized, Andriola said, his office focuses on empowering and supporting each unit, while helping UC System leaders (including the Board of Regents) understand that this is an “enterprise-wide risk management issue,” not just a technology issue.
“We measure it in terms of how covered we are,” Andriola explained. “What I’m trying to do is lower the risk profile. Risk takes away from opportunity, and what we want to maintain is maximum opportunity.”
Echoing the Center for Long-Term Cybersecurity’s own mission, Andriola said that maintaining a future-oriented approach is essential for preparing for current (and emerging) cybersecurity threats. “There’s no such thing as perfect protection,” he said. “We don’t control the threat, but we do control the organization’s readiness. To quote Wayne Gretzky, we ‘want to skate where the puck’s going to be.’ We have to think about, what’s the world going to be like in 20 years? Will the prevailing attitude be one of trust or paranoia? What will commerce and communication look like in 2025? There’s more at stake than just cybersecurity and protecting identity here. It’s about how the world will work tomorrow. And that’s the role of UC Berkeley: to ask how the world of tomorrow is going to work.”