Warning: looking at Cate's resume may make even the overachievers among us feel like they have some catching up to do.
Cate is a lawyer by trade and a C. Ben Dutton professor of law at Indiana University (IU). Currently a senior fellow for the Center for Applied Cybersecurity Research (CACR) and previously the founding director of CACR, Cate serves as a policy adviser on multiple private and public security boards in higher education, as well as at the state and federal level. Cate has written various papers and books on privacy and security, appears before Congress on these matters and has been honored with awards, including Who’s Who in the World and in the three most recent Computerworld listings of “Best Privacy Advisers.”
Cate says he has spent his 24-year career in academia dealing with the advent, expansion and proliferation of digital technologies and their impact on our lives. Cate served for 11 years as the director of CACR, which was created in 2003, in part as a response to the Sept. 11 attacks, but also in part as a response to the notion that higher education as an industry sector has some of the most advanced networks in the world.
CACR is unique because it not only deals with technology’s impact on security and privacy, but also the impacts of policy and behavioral issues. “The one thing that’s increasingly clear - in fact, I don’t believe it’s even controversial - is that the biggest challenges we face in cybersecurity aren’t technical, they’re behavioral,” says Cate. “I can build you a better mousetrap, I just can’t get you to use it, your institution to buy it or the instructions clear enough so people know how to use it.”
Reflecting on his work at the Center, Cate says he thinks what is most important is that he and his colleagues have helped a lot of people - inside of higher education and out - appreciate cybersecurity in a much more practical way. “Security and privacy tend to be issues where people get overwhelmed. It’s a 365x24x7 challenge and we use these scary terms like ‘asymmetric warfare’ and say things like, ‘The bad guys only have to win once, but when you’re defending you have to win every time.’”
Cate says this kind of rhetoric paralyzes non-experts and what he has tried to do in his career is not only make cybersecurity simpler, but also more manageable. Part of his ability to communicate this effectively goes back to his legal background.
“People might ask, ‘What’s a lawyer doing in this field?’ This isn’t a law field and, as far as I know, there isn’t a single cybersecurity program in the country that is headed by a lawyer,” says Cate. “It’s not that I am some sort of unique lawyer, it’s just that we need to think about these issues in a different way and need to be able to speak the language of the public, politicians and industry to effectively communicate.”