Earlier this afternoon, Timothy Clancy of Arch Street LLC gave a presentation on Cyber Security at Pace. Cyber Security is one of Seidenberg’s 4 academic initiatives and an incredibly fruitful field for academics and careers.
Clancy spoke of Cyber Security in terms of 5 paradigms under the umbrella of Critical Infrastructure Protection. These paradigms include Law Enforcement, Military, Intelligence, Diplomacy, and Economics with economics being the focal point of Clancy’s presentation.
Clancy described Cyber Security as a socio-technical issue rather than just a technology issue. The faults can lie in many aspects of a program, and breeches in security are surrounded by ambiguity. Everyone wants to know: who is organizing the attack, what are they attacking, from where, how, and what are the consequences? And to answer those questions, Clancy prompts: ‘Who ya gonna call?’ The Ghostbusters won’t help in most cases, so who is available? DHS? DoD? CISCO? DOJ? Or are they (like CISCO, for example) the ones selling vulnerabilities in a box? These are the problems that engineers and policymakers are up to their necks in. In response to these issues, Clancy mentions Dan Geer’s statements (Dan Geer is a Computer Security and Risk Management specialist associated with MIT and CertCo) about problems engineers must tackle when programming, “Fast, Cheap, Reliable. Choose two,” and similarly for policymakers, “Freedom, Security, Convenience. Choose two.”
On a graph, the space between network complexity over time and security over time has grown exponentially since the mid 1980s. If this pattern continues (which has a high likelihood), Clancy states that Cyber Security will provide “jobs for life if [one is] willing to go into it,” and the most useful tools for tackling issues of governance, liability, and insurance against security attacks are research and education. Both research and education of Cyber Security are held at high importance here at Seidenberg.
I found Tim Clancy’s economics-focused delivery of Cyber Security Policy unique – he made clear how our risk regulatory regimes are difficult and unworkable because computer science technology and complexity is evolving much faster than the standards, policies and best practices needed to secure them in our current economic paradigm.
This leaves an ever-widening security gap, a trough on Tim’s graph entitled “Compliance Failure”.
This translates to full employment for everyone ready to join the knowledge community of cyber security. Tim said that all of us (in the auditorium audience) can be employed all our lives in this field!
If the future of Cyber Security relies on education and research, students will also need to compliment their javascript skills with anthropology and psychology courses. We can no longer “trust” that corporation leaders will protect shareholders.