The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Eugene Spafford - Purdue University

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

Rethinking Cyber Security

Aug 21, 2019

Download: Video Icon MP4 Video Size: 314.1MB  
Watch on Youtube Watch on YouTube


Despite over 50 years of intensive research and experimentation, we still are plagued with systems that are fragile, compromised, and impossible to fully trust. There is near-daily news of compromises and losses, from criminals, nation-state actors, and vandals. The cyber ecosystem we have developed and upon which society is increasingly reliant appears to develop (or have exposed) a new vulnerability as soon as a current one is patched, and old problems keep being introduced.

Why do we have such problems? I contend it is traceable to one root cause: we don't understand what cyber security really is. Without good definitions we cannot formulate good metrics. With the absence of good metrics we can't really tell whether we are spending our money and time on useful approaches. Furthermore, the only metrics available to most decision-makers is based simply on cost and speed -- neither of which reflects security or safety.

This talk explores this idea in more depth, and should be understandable to non-specialists. I include discussion of some open research problems that -- if successfully addressed -- would lead to improvement of our cyber ecosystem.

About the Speaker

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!