On July 18, I’m giving a keynote talk in Las Vegas at Worldcomp 2011 (the World Congress in Computer Science, Computer Engineering, and Applied Computing). I’ve enclosed the abstract of my presentation, below. The talk will be in the Lance Burton Theater at the Monte Carlo Resort and Casino. I’m told that the audience is likely to be around 1000 people, so there won’t be much opportunity for comments from the audience.
I have most of the talk prepared, but I thought I would ask, ahead of time, if anyone has some thoughts on the topic/abstract that I should consider before I finish my preparations. I can’t share the talk ahead of my presentation — sorry. I may not be able to respond to every email, but I’ll try. Any and all comments will be appreciated.
If you have any comments or ideas you think I should consider, please share them with me by email.
My talk is partly informed by things I’ve written about in my CERIAS blog over the last 3 years, and by a JASON report, The Science of Cyber Security, from November 2010. (Many people hailed that Jason report, but I think they missed the mark in several places.) Of course, I also am applying 30 years in computer research and applied computing, but I don’t have a specific link for that!
The Nature of Cyber Security
Abstract—There is an on-going discussion about establishing a scientific basis for cyber security. Efforts to date have often been ad hoc and conducted without any apparent insight into deeper formalisms. The result has been repeated system failures, and a steady progression of new attacks and compromises.
A solution, then, would seem to be to identify underlying scientific principles of cyber security, articulate them, and then employ them in the design and construction of future systems. This is at the core of several recent government programs and initiatives.
But the question that has not been asked is if “cyber security” is really the correct abstraction for analysis. There are some hints that perhaps it is not, and that some other approach is really more appropriate for systematic study — perhaps one we have yet to define.
In this talk I will provide some overview of the challenges in cyber security, the arguments being made for exploration and definition of a science of cyber security, and also some of the counterarguments. The goal of the presentation is not to convince the audience that either viewpoint is necessarily correct, but to suggest that perhaps there is sufficient doubt that we should carefully examine some of our assumptions about the field.