Timothy Clancy at Pace to Talk About Cyber Security Policy

Earlier this afternoon, Timothy Clancy of Arch Street LLC gave a presentation on Cyber Security at Pace. Cyber Security is one of Seidenberg’s 4 academic initiatives and an incredibly fruitful field for academics and careers. 

Clancy spoke of Cyber Security in terms of 5 paradigms under the umbrella of Critical Infrastructure Protection. These paradigms include Law Enforcement, Military, Intelligence, Diplomacy, and Economics with economics being the focal point of Clancy’s presentation.

Clancy described Cyber Security as a socio-technical issue rather than just a technology issue. The faults can lie in many aspects of a program, and breeches in security are surrounded by ambiguity. Everyone wants to know: who is organizing the attack, what are they attacking, from wherehow, and what are the consequences? And to answer those questions, Clancy prompts: ‘Who ya gonna call?’ The Ghostbusters won’t help in most cases, so who is available? DHS? DoD? CISCO? DOJ? Or are they (like CISCO, for example) the ones selling vulnerabilities in a box? These are the problems that engineers and policymakers are up to their necks in. In response to these issues, Clancy mentions Dan Geer’s statements (Dan Geer is a Computer Security and Risk Management specialist associated with MIT and CertCo) about problems engineers must tackle when programming, “Fast, Cheap, Reliable. Choose two,” and similarly for policymakers, “Freedom, Security, Convenience. Choose two.”

On a graph, the space between network complexity over time and security over time has grown exponentially since the mid 1980s. If this pattern continues (which has a high likelihood), Clancy states that Cyber Security will provide “jobs for life if [one is] willing to go into it,” and the most useful tools for tackling issues of governance, liability, and insurance against security attacks are research and education. Both research and education of Cyber Security are held at high importance here at Seidenberg.