Dan Geer's Black Hat 2014 talk Cybersecurity as Realpolitik (also available as text) is thoughtful, smart, vital, and cuts through — then ties together — strands of security, liability, governance, privacy, and fairness, and is a veritable manifesto for a better world.

There are three professions that beat their practitioners into a
state of humility: farming, weather forecasting, and cyber security.
I practice two of those, and, as such, let me assure you that the
recommendations which follow are presented in all humility. Humility
does not mean timidity. Rather, it means that when a strongly held
belief is proven wrong, that the humble person changes their mind.
I expect that my proposals will result in considerable push-back,
and changing my mind may well follow. Though I will say it again
later, this speech is me talking for myself.

As if it needed saying, cyber security is now a riveting concern,
a top issue in many venues more important than this one. This is
not to insult Black Hat; rather it is to note that every speaker,
every writer, every practitioner in the field of cyber security who
has wished that its topic, and us with it, were taken seriously has
gotten their wish. Cyber security *is* being taken seriously,
which, as you well know, is not the same as being taken usefully,
coherently, or lastingly. Whether we are talking about laws like
the Digital Millennium Copyright Act or the Computer Fraud and Abuse
Act, or the non-lawmaking but perhaps even more significant actions
that the Executive agencies are undertaking, "we" and the cyber
security issue have never been more at the forefront of policy.
And you ain't seen nothing yet.

I wish that I could tell you that it is still possible for one
person to hold the big picture firmly in their mind's eye, to track
everything important that is going on in our field, to make few if
any sins of omission. It is not possible; that phase passed sometime
in the last six years. I have certainly tried to keep up but I
would be less than candid if I were not to say that I know that I
am not keeping up, not even keeping up with what is going on in my
own country much less all countries. Not only has cybersecurity
reached the highest levels of attention, it has spread into nearly
every corner. If area is the product of height and width, then the
footprint of cybersecurity has surpassed the grasp of any one of us.