Why are Cyber Technologies Fundamentally Insecure?

Former Secretary of the Navy Richard Danzig to Propose Controversial Sacrificial Practices and a Return to Analog to Protect Some Critical Systems at Upcoming NYU/Sloan Lecture

Brooklyn, N.Y.—The latest in a series of open lectures on cyber security and privacy at the New York University Polytechnic School of Engineering will probe the inherent vulnerabilities that weaken the nation’s cyber security systems, and its keynote speaker will call for comprehensive changes to boost the safety of vital information stores.  The conference, entitled “Surviving on a Diet of Poisoned Fruit: Reducing the Risks of America’s Cyber Dependencies,” will take place in Downtown Brooklyn on December 10, 2014.

Distinguished Lecturer Richard Danzig, vice chair of the RAND Corporation and former secretary of the Navy, will lead an exploration of the paradox of today’s cyber security systems—specifically, how the unprecedented capabilities and efficiencies afforded by sophisticated information technology make the United States more vulnerable than ever to exploits and attacks. His remarks will be based on a 2014 paper Danzig wrote with support from the U.S. Defense Advanced Research Projects Agency (DARPA). The report was published by the Center for a New American Security, where Danzig is a fellow and board member.

Danzig will expound upon nine wide-ranging recommendations, as outlined in his report, to repair what he believes are significant deficits in the country’s cyber security practices. They include careful sacrifice of select IT capabilities to reduce vulnerability; implementing non-digital safeguards in critical systems; ensuring that critical private-sector companies maintain the same security standards as government entities; emphasizing incentives rather than regulation to enforce security standards; and a host of additional suggestions that challenge current norms and form a vision for a more secure, diverse cyber future.

“Our near-total reliance on digital systems has ushered in a level of vulnerability that was unthinkable even 20 years ago,” said Danzig. “Despite tremendous security advances, cyber technologies are still fundamentally insecure. It sounds counterintuitive, but making our systems less sophisticated in some instances and choosing to limit some of our capabilities to reduce our vulnerabilities are among the keys to safeguarding our systems and assuring their resilience when penetrated and subverted.”

Following his lecture will be a panel discussion featuring Ralph Langner, director and founder of Langner Communications, an independent cyber defense consultancy, and an expert on the Stuxnet worm; Andy Ozment, assistant secretary, Office of Cybersecurity and Communications of the U.S. Department of Homeland Security; and Stefan Savage, professor of computer science and engineering and director of the Center for Network Systems of the University of California, San Diego, a leading researcher on the economics of Internet-based crime. The panel will discuss Danzig’s recommendations, including technology, policy changes, economic and business choices and other means of reducing cyber vulnerabilities.

This conference is the fifth in a series of open lectures on cyber security and privacy sponsored by the NYU School of Engineering in alliance with the Alfred P. Sloan Foundation. These events consistently draw high-level representatives of New York’s regional businesses, government agencies, nonprofits, academic institutions, media, and concerned members of the public.

NYU School of Engineering Dean Katepalli Sreenivasan will deliver opening remarks. “Our students and researchers are at the forefront of building more secure cyber technologies and systems, and this conference will present crucial guidelines for ensuring that we use these advances to the greatest benefit,” said Sreenivasan. “We are honored to host Richard Danzig and our esteemed panelists, whose broad expertise will make for an engaging, important discussion on diversifying the methods by which we protect sensitive information.”

Admission to the conference is free, but space is limited, and registration is required. The lecture will be streamed live at http://engineering.nyu.edu/live. To submit questions during the lecture, email cyberlectureseries@nyu.edu or post on Twitter @cyberlecture.  For more information and to register to attend, please visit http://engineering.nyu.edu/sloanseries/.

The NYU School of Engineering is an internationally recognized center for cyber security research, education, and policy. It has received all three Center of Excellence designations from the National Security Agency and the United States Cyber Command.  The School of Engineering has joined with other NYU schools to form the Center for Interdisciplinary Studies in Security and Privacy (CRISSP). The consortium researches new approaches to security and privacy by combining security technology, psychology, law, public policy, and business. NYU-ePoly, the school’s online learning unit, delivers 20 online graduate programs worldwide, including the virtual cyber security program, named the nation’s best online program by the Sloan Consortium in 2011.