Security Metrics, Application Security and Cancer Research

I would not have thought that there would be a relationship among security metrics, application security and cancer research until I read an article in the Sunday Magazine section of the June 17, 2018 New York Times by Siddhartha Mukherjee with the lengthy title “A way of thinking about cancer ...

AI Bias Validated!

In my BlogInfoSec column “Is A.I. For, or Against, Cybersecurity?” posted on June 18, 2018, I asserted that developers are introducing their personal biases into the design of AI (artificial intelligence) systems. My statement was based on experience, supposition, and intuition. To my surprise, a few days later (June 22, ...

Is AI For, or Against, Cybersecurity?

With the rapid proliferation of so-called AI (artificial intelligence) systems (many of which are really just rebranded expert systems), we cybersecurity professionals are confronted with two critical issues, namely: Can AI methods be used to improve the protection of our data, systems, and networks? And can AI systems be secured ...

Cybersecurity and Safety of AI and Robots

The article in The New Yorker of May 14, 2018 by Tad Friend with the title “Superior Intelligence: Do the perils of A.I. exceed its promise?” describes two schools of thought with respect to concerns that researchers have about both ANI (artificial narrow intelligence) and AGI (artificial general intelligence) systems, ...

Securing the Critical Infrastructure—Two Lost Decades

On May 22, 2018, it will have been 20 years to the day since President Bill Clinton issued PDD 63 (Presidential Decision Directive No. 63: Protecting America’s Critical Infrastructure). The PDD laid out a plan to protect critical sectors of the economy, such as telecommunications, energy, banking and finance, transportation, ...

Oh, BTW, The Russians Cyberattacked the U.S. Critical Infrastructure

While we have been distracted by the dalliances of an errant president, the exfiltration from Facebook of personal information belonging to a gazillion users, and the use of those data to influence elections, the U.S. encountered an existential threat, which was given relatively short shrift by the news media. On ...

Cybersecurity Fails … Government Not Keeping Up

I was reading Andrew Ross Sorkin’s article “Flying Taxis, New Exciting Stealth Mode” on the front page of Business Day in the March 13, 2018 New York Times (more about that later) when I noticed (in the adjacent column … an advantage of reading the paper version) an article by ...

Where Auto-Auto Security and Safety Risks Lie

In her front-page article “Your New Car’s Best Tech Feature May Be the ‘System Off’ Button” (Wall Street Journal, May 11, 2017), Christina Rogers raises several important points: one, that some of the safety features built into modern cars are so annoying to drivers that they turn them off and, ...

Global Cybersecurity Standards … Another Plea

“The Editor’s Letter,” in the May 2017 issue of the Communications of the ACM (CACM) by Moshe Y Vardi is about “Cyber Insecurity and Cyber Libertarianism.” The column is available at Vardi’s column recognizes the deficiencies in cybersecurity that I’ve been harping on for years. He writes the following: ...

Cybersecurity Risk Model … Implicit or Explicit Consensus?

Whenever you engage with an online vendor or service, you must first click on the “Agree” button to indicate that you will honor the stated terms and conditions mandated by the site owner. Most individuals click the “Agree” button without thinking, knowing that activating the “Don’t Agree” button will result ...