Page 21 - Cyber Warnings
P. 21
today. It may not be perfect, but we will at least have some expectation of cost (financial and
functional) and the security we are achieving in that system.
The second and more pessimistic scenario is a world in which we have just become used to
insecurity. There is a kind of really toxic resignation among some members of the cybersecurity
research community, as well as industry and government, that today’s systems are unfixable
and that we don’t have the technology, time or resources to make ourselves more secure. The
danger with this resignation is that we are basically saying we’re okay to accept whatever
comes, at whatever cost to our society. Unless we make cybersecurity a national and industrial
priority, we might find ourselves in that world. This is a particularly dim and uncomfortable
scenario, not only because the kinds of benefits we see from technology would be greatly
diminished, but our potential for changing life on this planet-- from healthcare, to society, to
communications, to quality of life, to energy efficiency, to protecting the environment--will be
vastly diminished.
Finally, there’s the issue of privacy. I tend to separate the issues of security and privacy,
although you can make parallel arguments. The problem today, especially with the social media
generation, is that we give up our privacy because there is no immediate cost. And because
there is no immediate cost, it becomes hard to quantify and understand, and even hard to
predict the potential outcomes.
Unfortunately, until you feel the pain of a privacy loss, it has a zero cost. I’m consistently
surprised by the kinds of privacy tradeoffs people are making online. They don’t really seem to
realize what they are giving up, and until we get to a point where public policy and technology
can help us see and understand the immediate costs of giving up our privacy, we will continue
to undermine ourselves.
About The Author
I am a Distinguished Professor in the School of Electrical Engineering and
Computer Science at Pennsylvania State University and a fellow of both IEEE
and ACM. I am also the Director of the Institute for Networking and Security
Research (INSR), a research institute focused on the study of networking and
security in diverse computing environments.
This Q&A was conducted by the Association for Computing Machinery
(ACM). For more than 50 years, the ACM Turing Award has been recognized
as the most prestigious technical award in the computing industry. In recognition of that
milestone, ACM has conducted Q&As with industry thought leaders to highlight important trends
and topics in the computing industry. More information on the ACM Turing Award may be found
at www.acm.org/turing-award-50
21 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
