Developing a Science of Cyber Security
As a recognized authority in cyber security and former Director of Research at NSA, Dr. Chang came to the hearing with a comprehensive security background. And during the testimony Dr. Chang immediately cautioned the committee concerning the "dark cloud of security" hanging over cyberspace.
"I don't have to tell you we are under attack in cyberspace," Dr. Chang testified, "those of us in the field of security have known about it for some time now, but now the problem has broadened and deepened in scope." Dr. Chang continued, telling the committee that the cyber security industry has a history of being reactive and after-the-fact, noting, "we wait for something bad to happen, and then we respond. We lack the fundamental scientific understanding of causes, of solutions, and of countermeasures. Science uses words like evidence, metrics, repeatability, and predictability. In cyber security, these words are not used often enough."
The Committee heard more from Dr. Chang on the "Science of Cyber Security," a topic he has been discussing for many years and believes would make a dent in the problems now facing cyber security. Dr. Chang testified that scientific rigor must be incorporated into cyber security, including taking a broad, interdisciplinary approach that correlates ideas from, for example, computer science, economics, psychology, and, biology, to provide unique insights into solving the many difficult problems posed now and into the future in cyber security.
To read more from Fred Chang on the Science of Cyber Security:
The Next Wave, "Building a national program for cyber security science"
Congressional Testimony, "Cyber R&D Challenges and Solutions"
Federal News Radio, "Federal Drive Interview with Fred Chang"
The Committee also heard from Terry Benzel, deputy director for the Computer Networks Division at USC's Information Sciences Institute and Michael Barrett, chief security officer for PayPal. The archived version of the full hearing is available for download.
21CT, Inc. investigative analytics and pattern-detection solutions secure your world. Using LYNXeon from 21CT, organizations rapidly collect enriched and disparate data, analyze and visualize it to find previously undetectable patterns, and gain the operational security insight needed to identify embedded cyber attackers, detect fraud, and document criminal behavior. For more information and to find out how investigative analytics and pattern-detection can secure your world, visit www.21ct.com.
Image Available: http://www2.marketwire.com/mw/frame_mw?attachid=2278615
Embedded Video Available: http://www2.marketwire.com/mw/frame_mw?attachid=2278634