Cyber Security in a Research Environment:  Integrating the Problem and the Solution

 

Traditional discussions about cyber security inevitably lead to the conclusion that security is mutually exclusive of usability and productivity; increase one side and you must reduce the other.  In addition, we now find ourselves in an era in which we discuss two types of cyber security: that which is compliance-oriented (accountability) and that which is real-world oriented (keep the bad guys out); also generally mutually exclusive of each other.  This triad of the cyber security environment presents both a challenge and an opportunity for the research and development world. We find a computing environment increasingly censored and restricted that obviously has negative impacts on effective and timely R&D. Naysayers could easily predict that within a few years, traditional computing may no longer be a source of viable innovation due to compliance and regulation relating to cyber security; at least within government. However, optimists like myself instead assert that we instead have a grand challenge worthy of significant, interdisciplinary R&D to find novel, unifying solutions. Cyber security as a science, while amazingly immature, has potential to draw upon diverse solution spaces. In this talk, I will discuss the effects and counter-effects of cyber security in dynamic research environments as well as the high-value opportunities I see in these same research communities that will hopefully lead to the holy-grail of cyber security: a productive and dynamic computing environment that is measurably secure as defined by a nondeterministic set of expectations (contradiction intended).