The nation needs a new science of cyber security in light of evolving threats that could jeopardize more than just the security of information, a federal government computer security expert said at a Fordham event on Aug. 7.
The emergence of cyber-physical systems, such as those wired into cars, energy grids, and transportation networks, is one reality that shows the need for better approaches to cyber security, said George Strawn, Ph.D., director of the National Coordination Office for the federal government’s Networking and Information Technology Research and Development (NITRD) program.
“With a pure cyber system we worry about a threat costing us our identity; with a cyber-physical system, we can worry about a threat costing us our life,” he said, speaking on day three of the 2013 International Conference on Cyber Security (ICCS), hosted by Fordham and the Federal Bureau of Investigation.
He gave a wide-ranging talk, touching on many developments that could alter the information technology landscape in the years ahead, but regularly returned to one theme: the need for a more rigorous, scientific approach to cyber security that draws upon more than just computer science.
He described NITRD’s work in this area, saying “our general principles were to focus on root causes of vulnerabilities, to channel expertise from a wide range of disciplines … and seek to discover enduring principles of cyber security,” he said. “That is, can we make cyber security a science, as opposed to a bag of tricks.”
“The science of security is going to have social science in it as well as computer science,” he said. “It’s going to have all sorts of dimensions to it as it develops over this decade.”
He cited the need to quantify various information technology-related risks, in light of human tendencies such as the “novelty effect”—for instance, overestimating the dangers of flying in a plane while underestimating the risks of riding in a car.
“Psychology is always nipping at our heels as we talk about these things,” he said.
He also called for a new mindset among information technology professionals who say they can’t afford to spend too much time or money on security when inventing new systems.
“What was the old saying, ‘Act with haste, repent at leisure?’” he said. “Don’t try to add security later. Come up with a process of developing systems that include security from the beginning.”
For example, he said, half the cost of today’s high-end automobiles is information technology and software, but automotive engineers are “just in the process of learning about IT security.”
“It’s a good example of where security was not built in from the beginning,” he said.
He also extolled the value of public-private partnerships, noting that the Internet was initially developed by the federal government. “Disruptive technologies, where there’s considerably more risk and uncertainty, if you look over history, [have]almost always been led by the government,” he said.
Jared Cohen Photo by Michael Dames |
Jared Cohen, founder and director of Google Ideas, followed Strawn’s talk at the Lincoln Center campus, and told attendees to expect technology to change life on the planet in ways they can’t ever foresee.
He shared anecdotes and revelations that he gained from visiting 40 different countries along with Google Executive Chairman Eric Schmidt, as part of their research for The New Digital Age: Re-shaping the Future of People, Nations and Business. (Knopf, 2013).
What he found is that people in far-flung locales have a knack for finding ingenious ways to use technology to solve everyday problems. In Libya, schoolgirls used Google Maps to plot routes to school that avoided bomb sites. In Kenya, nomads are using smart phones to figure out the best market to sell their cows.
And in Pakistan, a network of women who’ve banded together for support after being disfigured by acid attacks have discovered new outlets to the outside world via the Internet. One woman even found a husband who was willing to overlook the damage to her face.
“These women are basically able to live their lives because of the Internet. So if you’re questioning some of the things you fear about connectivity, I would direct your attention to these Pakistani woman and remind you that it literally allows them to get up in the morning,” Cohen said.
When he visited North Korea last year, Cohen discovered that for every one of the one million legal, highly monitored cell phones in the country, there is another illegal one in use. Citizens risk not only being executed if they are caught with one, but also exposing their families to the death penalty.
“Not only do they take this risk once, they then take the risk again after getting the phone to go to the Chinese border to get a signal. So you think connectivity matters? It is a life or death issue in North Korea,” he said.
Cohen predicted that in the near future, five billion more people will come online, primarily through smart phones. Advances in voice recognition and translation will enable people from different countries to have phone conversations that are translated in real time. Medicine will be transformed via a pill that can gauge symptoms from inside you and relay them via wifi to your phone.
Cohen laid out three challenges that lay ahead: revolutions, terrorism, and “strange dynamics” between states.
The Arab Spring demonstrated that technology can speed up revolutions, but the flipside is that it takes longer for them peter out.
When it comes to terrorism, what is most worrisome is not a Pearl Harbor-level cyber attack, but a cyber attack paired with a traditional physical attack. Fortunately, the days of running a terrorist cell out of a remote cave are ending, and every time a terrorist is forced to go online, it presents another opportunity to trip up and be discovered.
Finally, the open nature of the Internet poses challenges to states that would prefer to control it by using filters to create a different online experience for citizens, he said.
“We have to fight against this, because the balkanization of the Internet will do more than just break the Internet, it will break our society,” he said.
“It used to be that geo-politics was only relevant to people in the public sector. Now we’re all caught in the crossfire of geo-politics, whether we like it or not.”
ICCS 2013 ran through Aug. 8. For more coverage, visit @FordhamNotes and @ICCSNY on Twitter at #ICCS, go to Fordham’s webpage, or visit Fordham’s blog, Fordham Notes.